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CRYPTOGRAPHIC COMMUNICATION METHOD, ENCRYPTION 
ALGORITHM SHARED CONTROL METHOD, ENCRYPTION ALGORITHM 
CONVERSION METHOD AND NETWORK COMMUNICATION SYSTEM 

BACKGROUND OF THE INVENTION 

Related Applications 

This application is a continuation application of U.S. 
Patent Application No. 09/365,446, filed on August 2, 1999, which 
in turn claims the benefit of priority from Japanese Patent 
Application No. 10-217732, filed on July 31, 1998, the entirety of 
which are incorporated herein by reference. 

1. Field of the Invention 

Th£ present invention relates to cryptographic communication 
method, encryption algorithm shared control method and network 
communication system for converting encryption algorithm for 
cryptographic communication to other encryption algorithm, and 
more particularly to cryptographic communication method, 
encryption algorithm shared control method and network 
communication system suitable for sharing the same encryption 
algorithm as encryption algorithm operated by a plurality of users 
and changing the shared encryption algorithm to other encryption 
algorithm. 

25 2. Description of Related Art 

As a means for securing the safety of information 
transmission, a method of transmitting encrypted 

information is generally employed. Because of recent advancement 
of performance of a personal computer, in a case where information 
30 to be transmitted is digital information such as document and 

video, often such information is encrypted on software basis. If a 
user U[A] carries out cryptographic communication 
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with a user U[B], the user U[A] encrypts transmission 
information with an encryption key and transmits that 
encrypted data. On the other hand, the user U[B] receives 
this data and decrypts that received data with a decryption 
5 key. This cryptographic communication can be established 
on a presumption that the user U[A] and user U[B] share 
the same encryption algorithm. Usually, the encryption 
algorithm is shared by the following manners. The 
encryption algorithm is recorded in a recording medium such 

10 as a floppy disk by an encryption system manager and 

distributed to each user. Or the encryption algorithm is 
installed in an information processing unit having 
encryption processing function such that it can be executed 
and the information processing unit is distributed. 

15 As for a method for operating the encryption algorithm, 

to improve the cipher security, not only a scramble key is 
generated as a key for encrypting information, but also a 
session key for encrypting this scramble key is generated. 
Then, duplex encryption method is employed so that user 

20 U[A] transmits information encrypted with the scramble key 
and the scramble key encrypted with the session key to user 
U[B] . Each time when cryptographic communication occurs, 
the scramble key is changed. 

SUMMARY OF THE INVENTION 
25 However, in the above described encryption method, the 
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following problem arises. 

(1) If the transmission side and the reception side use 
different operating algorithms, cryptographic communication 
cannot be carried out. Therefore, a necessity of 

5 distributing an encryption algorithm of one of the 

transmission side and the reception side to the other side 
occurs . 

However, the above described method of recording the 
encryption algorithm in a recording medium and distributing 

10 it to each user and method of distributing an information 
processing unit having an encryption function in which the 
encryption algorithm is installed so that it can be 
executed requires time for distribution because the 
distribution is carried out by transportation or the like. 

15 If the encryption algorithm is distributed to each user, an 
encryption processing unit in which the encryption 
algorithm is installed is connected to a unit having a 
communication function so as to construct a system, and 
whether or not the cryptographic communication is enabled 

20 is verified on function basis. Because this functional 
verification is carried out with communication between 
users, time and labor are needed. 

(2) As a method for improving the encryption security, a 
method of operating the encryption algorithm by 

25 periodically changing it can be considered by this inventor 
For example, if the encryption algorithm of the session key 
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in the above mentioned duplex encryption method is changed 
periodically, the security can be expected to be improved. 

However, for this purpose, the encryption algorithm to 
be changed needs to be distributed to each user. However, 
5 if distribution of this encryption algorithm is carried out 
in the same manner as (1), time and labor are needed 
thereby the efficiency being lower. 

(3) With a recent progress of information appliance such as 
a personal computer, information processing speed has been 

10 improved every year. The intensity of the encryption 

algorithm needs to be so strong that information is not 
decrypted within its effective limit even if an attack is 
made to decrypt with such information appliance. 

Therefore, the intensity of the encryption algorithm 

15 needs to be set corresponding to the information processing 
speed of the information appliance of a day in which it is 
used and changed to an encryption algorithm whose intensity 
is higher. Thus, a distribution method for an encryption 
algorithm having an excellent efficiency is needed like 

20 above ( 2 ) . 

(4) The inventor of the present invention has considered a 
method for constructing a cryptographic communication 
system in which a plurality of users are connected to a 
station for managing the key for operating the encryption 

25 algorithm. However, if a plurality of the encryption 

algorithms exist in the cryptographic communication system 
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and the encryption algorithms are periodically updated, 
this system requires such a complicated system operating 
function for grasping the encryption algorithms of each 
user, distributing the same algorithm so as to be shared if 
5 the algorithms of users about to communicate with each 

other are different, if the user is changing the algorithm, 
suspending the cryptographic communication with the user 
whose algorithm is being changed. If the distribution 
method for the encryption algorithm of (1) is applied, not 

10 only time and labor are needed, but also it is difficult to 
grasp the condition of the encryption algorithm of each 
user at real time, so that there is a fear that the 
cryptographic communication system is disturbed thereby an 
effective system operation being obstructed. 

15 (5) If the encryption algorithm is changed, a key for use 
by the user may not correspond to that encryption algorithm 
to be changed. If a common key encryption algorithm is 
changed to a public key encryption algorithm or conversely 
if the public key encryption algorithm is changed to the 

20 common key encryption algorithm, there is a problem that 
the key for use by the user cannot be used for the changed 
encryption algorithm. 

If the encryption algorithm is changed to an 
encryption algorithm having a high intensity, usually, the 

25 key length for use is prolonged. Therefore, if the key for 
use by the user can be used under the changed encryption 
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algorithm, there is a problem that the intensity of the 
encryption is not increased if the same key length is used. 

Accordingly, the present invention has been made in 
views of the above problems and therefore, it is an object 
5 of the invention to provide a cryptographic communication 
method, encryption algorithm sharing management method, 
encryption algorithm conversion method, and network 
communication system capable of distributing an encryption 
algorithm with the safety and converting it in a state that 

10 time and labor required therefor are reduced. 

It is another object of the invention to provide a 
cryptographic communication method, encryption algorithm 
sharing management method, encryption algorithm conversion 
method and network communication system in which encryption 

15 algorithms operated by a plurality of users share the same 
encryption algorithm as a result of the encryption 
algorithm conversion and preferable for changing the shared 
encryption algorithm to other encryption algorithm. 

To achieve the above object, according to a first 

20 aspect of the present invention, there is provided a 

cryptographic communication method wherein when different 
encryption algorithms are operated at a transmission side 
and a reception side, the transmission side encrypts an 
encryption algorithm operated at the transmission side with 

25 an encryption algorithm operated at the reception side and 
transmits the encrypted algorithm to the reception side. 
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According to a second aspect of the present invention, 
there is provided a cryptographic communication method 
wherein information on encryption algorithm operated at a 
transmission side and information on an encryption 
5 algorithm operated at a reception side are obtained from 
the transmission side and when different encryption 
algorithms are operated at the transmission side and the 
reception side, an encryption algorithm operated at the 
transmission side is encrypted with an encryption algorithm 

10 operated at the reception side and transmitted to the 
reception side. 

According to a third aspect of the present invention, 
there is provided an encryption algorithm sharing 
management method for sharing an encryption algorithm for 

15 cryptographic communication, comprising the steps of: from 
a user of a transmission side, obtaining a user identifier 
indicating the user and^ a user identifier indicating a user 
of a reception side; and querying a data base in which a 
correspondence beWeen the user identifier indicating the 

20 user and the encryption algorithm operated by the user is 
preliminarily described about each user and then retrieving 
encryption algorithm operated by the user of the 
transmission side and the encryption algorithm operated by 
the user of the reception side,, Vherein if the encryption 

25 algorithm operated by the user of the transmission side is 
different from the encryption algorithm operated by the 
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user of the reception side, data indicating the encryption 
algorithm operated by the user of the transmission side is 
encrypted with the encryption algorithm operated by the 
user of the reception side and transmitted to the user of 
5 the reception side. 

According to a fourth aspect of the present invention, 
there is provided an encryption algorithm sharing 
management method for sharing an encryption algorithm for 
cryptographic communication, comprising the steps of: from 

10 a user of a transmission side, obtaining a user identifier 
indicating the user and a user identifier indicating a user 
of a reception side; querying a data base in which a 
correspondence between the user identifier indicating the 
user, an encryption algorithm operated by the user and an 

15 encryption key thereof is preliminarily described about 

each user so as to obtain the encryption algorithm operated 
by the user of the transmission side and the encryption key 
thereof and the encryption algorithm operated by the user 
of the reception side and the encryption key thereof, 

20 wherein if the encryption algorithm operated by the user of 
the transmission side is different from the encryption 
algorithm operated by the user of the reception side, data 
indicating the encryption algorithm operated by the user of 
the transmission side and encryption key produced based on 

25 the encryption key operated by the user of the reception 
side corresponding to a key length of the encryption 
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algorithm is encrypted with the encryption algorithm 
operated by the user of the reception side and transmitted 
to the user of the reception side. 

According to a fifth embodiment of the present 
5 invention, there is provided an encryption algorithm 
sharing management method for sharing an encryption 
algorithm for cryptographic communication, comprising the 
steps of: from a user of a transmission side, obtaining a 
user identifier indicating the user and a user identifier 

10 indicating a user of a reception side; and querying a data 
base in which a correspondence between user identifier 
indicating the user, an encryption algorithm operated by 
the user and an encryption key thereof is preliminarily 
described about each user so as to obtain the encryption 

15 algorithm operated by the user of the transmission side and 
the encryption key thereof and the encryption algorithm 
operated by the user of the reception side and the 
encryption key thereof, wherein if the encryption algorithm 
operated by the user of the transmission side is different 

20 from the encryption algorithm operated by the user of the 
reception side, signature data produced for the encryption 
key operated by the user of the transmission side is 
transmitted to the user of the transmission side and data 
obtained by encrypting the encryption algorithm operated by 

25 the user of the transmission side with the encryption 

algorithm operated by the user of the reception side and 
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signature data produced for an encryption key operated by 
the user of the reception side are transmitted to the user 
of the reception side. 

According to a sixth aspect of the present invention, 
5 there is provided an encryption algorithm sharing 

management method for sharing an encryption algorithm for 
cryptographic communication, comprising the steps of: from 
a user of a transmission side, obtaining a user identifier 
indicating the user and a user identifier indicating a user 

10 of a reception side; and querying a data base in which a 
correspondence between the user identifier indicating the 
user, an encryption algorithm operated by the user and an 
encryption key thereof is preliminarily described about 
each user so as to obtain an encryption algorithm operated 

15 by the user of the transmission side and an encryption key 
thereof and an encryption algorithm operated by the user of 
the reception side and an encryption key thereof, wherein 
if the encryption algorithm operated by the user of the 
transmission side is different from the encryption 

20 algorithm operated by the user of the reception side, 

signature data produced for the encryption key operated by 
the user of the transmission side is transmitted to the 
user of the transmission side and data indicating the 
encryption algorithm operated by the user of the 

25 transmission side and encryption key produced based on the 
encryption key operated by the user of the reception side 
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corresponding to a key length of the encryption algorithm 
is encrypted with the encryption algorithm operated by the 
user of the reception side and transmitted to the user of 
the reception side with the signature data produced 
5 corresponding to the encryption key operated by the user of 
the reception side. 

According to a seventh aspect of the present invention, 
there is provided Network communication system composed by 
connecting a plurality of users, comprising at least an 

10 encryption key management station to be connected from a 
user of a transmission side, the encryption key management 
station obtaining, from the user of the transmission side, 
information indicating an encryption algorithm operated by 
the user and information indicating an encryption algorithm 

15 operated by a user of a reception side and if different 
encryption algorithms are operated by the users of the 
transmission side and the reception side, encrypting the 
encryption algorithm operated by the user of the 
transmission side with the encryption algorithm operated by 

20 the user of reception side and transmitting it to the user 
of the reception side. 

According to an eighth aspect of the present invention, 
there is provided network communication system composed by 
connecting a plurality of users, comprising at least an 

25 encryption key management station to be connected from a 
user of a transmission side, the encryption key management 
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station comprising data base in which a correspondence 
between a user identifier indicating the user and an 
encryption algorithm operated by the user is preliminarily 
described about each user; 
5 wherein when a communication is carried out from the user 
of the transmission side to a user of a reception side, a 
user identifier indicating the user and a reception side 
user identifier are obtained from the user of the 
transmission side and the data base is queried with the 
10 obtained identifier as a key so as to obtain an encryption 
algorithm operated by the user of the transmission side and 
an encryption algorithm operated by the user of the 
reception side, and 

if the encryption algorithm operated by the user of the 
15 transmission side is different from the encryption 

algorithm operated by the user of the reception side, the 
encryption algorithm operated by the user of the 
transmission side is encrypted with the encryption 
algorithm operated by the user of the reception side and 
20 transmitted to the user of the reception side. 

According to a ninth aspect of the present invention, 
there is provided an encryption algorithm sharing 
management method for sharing an encryption algorithm for 
cryptographic communication, comprising the steps of: from 
25 a user of a transmission side, obtaining a user identifier 
indicating the user and a user identifier indicating a user 



12 



of a reception side; querying a data base in which a 
correspondence between the user identifier indicating the 
user and an encryption algorithm operated by the user is 
preliminarily described about each user so as to retrieve 
5 an encryption algorithm operated by the user of the 

transmission side and an encryption algorithm operated by 
the user of the reception side; and if the encryption 
algorithm operated by the user of the transmission side is 
different from the encryption algorithm operated by the 
10 user of the reception side, data indicating the encryption 
algorithm operated by the user of the transmission side is 
encrypted with the encryption algorithm operated by the 
user of the reception side and transmitted to the user of 
reception side. 

15 According to a tenth aspect of the present invention, 

there is provided an encryption algorithm sharing 
management method for sharing an encryption algorithm for 
cryptographic communication, comprising the steps of: from 
a user of a transmission side, obtaining a user identifier 

20 indicating the user and a user identifier indicating a user 
of a reception side; and querying a data base in which a 
correspondence between the user identifier indicating the 
user, an encryption algorithm operated by the user and an 
encryption key is preliminarily described about each user 

25 so as to obtain the encryption algorithm operated by the 

user of the transmission side and an encryption key thereof 
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and the encryption algorithm operated by the user of the 
reception side and an encryption key, wherein if the 
encryption algorithm operated by the user of the 
transmission side is different from the encryption 
5 algorithm operated by the user of the reception side, data 
indicating the encryption algorithm operated by the user of 
the transmission side and the encryption key produced based 
on an encryption key operated by the user of the reception 
side corresponding to a key length of the encryption 

10 algorithm is encrypted with the encryption algorithm 

operated by the user of reception side and transmitted to 
the user of the reception side. 

According to an eleventh aspect of the present 
invention, there is provided an encryption algorithm 

15 sharing management method for sharing an encryption 

algorithm for cryptographic communication, comprising the 
steps of: from a user of a transmission side, obtaining a 
user identifier indicating the user and a user identifier 
indicating a user of a reception side; and querying a data 

20 base in which a correspondence between the user identifier 
indicating the user, an encryption algorithm operated by 
the user and an encryption key is preliminarily described 
about each user so as to obtain the encryption algorithm 
operated by the user of the transmission side and the 

25 encryption key thereof and the encryption algorithm 

operated by the user of the reception side and encryption 
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key thereof, wherein if the encryption algorithm operated 
by the user of the transmission side is different from the 
encryption algorithm operated by the user of the reception 
side, signature data produced for an encryption key 
5 operated by the user of the transmission side is 

transmitted to the user of the transmission side and the 
encryption algorithm operated by the user of the 
transmission side is encrypted with the encryption 
algorithm operated by the user of the reception side and 

10 transmitted to the user of the reception side with 

signature data produced for an encryption key operated by 
the user of the reception side. 

According to a twelfth aspect of the present invention, 
there is provided an encryption algorithm sharing 

15 management method for sharing an encryption algorithm for 
cryptographic communication, comprising the steps of: from 
a user of a transmission side, obtaining a user identifier 
indicating the user and a user identifier indicating a user 
of a reception side; and querying a data base in which a 

20 correspondence between the user identifier indicating the 
user, encryption algorithm operated by the user and 
encryption key is preliminarily described about each user 
so as to obtain the encryption algorithm operated by the 
user of the transmission side and an encryption key thereof 

25 and the encryption algorithm operated by the user of the 
reception side and encryption key, wherein if the 
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encryption algorithm operated by the user of the 
transmission side is different from the encryption 
algorithm operated by the user of the reception side, 
signature data produced for an encryption key operated by 
5 the user of the transmission side is transmitted to the 
user of the transmission side and data indicating the 
encryption algorithm operated by the user of the 
transmission side and encryption key produced based on an 
encryption key operated by the user of the reception side 

10 corresponding to a key length of the encryption algorithm 
is encrypted with the encryption algorithm operated by the 
user of the reception side and transmitted to the user of 
the reception side with signature data produced 
corresponding to the encryption key operated by the user of 

15 the reception side. 

According to a thirteenth aspect of the present 
invention, there is provided a network communication system 
composed by connecting a plurality of users, comprising at 
least an encryption key management station to be connected 

20 from a user of a transmission side, the encryption key 
management station obtaining, from the user of the 
transmission side, information indicating an encryption 
algorithm operated by the user and information indicating 
an encryption algorithm operated by a user of a reception 

25 side, and when different encryption algorithms are operated 
by the user of the transmission side and the user of the 
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reception side, encrypting the encryption algorithm 
operated by the user of the transmission side with the 
encryption algorithm operated by the user of the reception 
side and transmitted to the user of reception side. 
5 According to a fourteenth aspect of the present 

invention, there is provided a network communication system 
composed by connecting a plurality of users, comprising at 
least an encryption key management station to be connected 
from a user of a transmission side, the encryption key 
10 management station comprising a data base in which a 

correspondence between a user identifier indicating a user 
and an encryption algorithm operated by the user is 
preliminarily described about each user; 

wherein when a communication is carried out from the user 
15 of transmission side to a user of a reception side, a user 
identifier indicating the user and a reception side user 
identifier are obtained from the user of the transmission 
side, and the data base is queried with the obtained 
identifier as a key so as to obtain an encryption algorithm 
20 operated by the user of the transmission side and 

encryption algorithm operated by the user of the reception 
side, and if the encryption algorithm operated by the user 
of the transmission side is different from the encryption 
algorithm operated by the user of the reception side, the 
25 encryption algorithm operated by the user of the 
transmission side is encrypted with the encryption 
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algorithm operated by the user of the reception side and 
transmitted to the user of the reception side. 

According to a fifteenth aspect of the present 
invention, there is provided a cryptographic communication 
5 method wherein if different encryption algorithms are 

operated by a transmission side and a reception side, the 
encryption algorithm operated by the reception side is 
encrypted with the encryption algorithm operated by the 
transmission side and transmitted to the transmission side. 

10 According to a sixteenth aspect of the present 

invention, there is provided a cryptographic communication 
method wherein information indicating an encryption 
algorithm operated by a transmission side and information 
indicating an encryption algorithm operated by a reception 

15 side are obtained from the transmission side and when 
different encryption algorithms are operated by the 
transmission side and the reception side, the encryption 
algorithm operated by the reception side is encrypted with 
the encryption algorithm operated by the transmission side 

20 and transmitted to the transmission side. 

According to a seventeenth aspect of the present 
invention, there is provided an encryption algorithm 
sharing management method for sharing an encryption 
algorithm for cryptographic communication, comprising the 

25 steps of: from a user of a transmission side, obtaining a 
user identifier indicating the user and a user identifier 



18 



J 



indicating a user of a reception side; querying a data base 
in which a correspondence between the user identifier 
indicating user and encryption algorithm operable by the 
user is preliminarily described about each user so as to 
5 obtain an encryption algorithm operable by the user of the 
transmission side and an encryption algorithm operable by 
the user of the reception side; determining whether or not 
there is an encryption algorithm operable by the user of 
the transmission side and the user of the reception side 
10 commonly; and if the commonly operable encryption algorithm 
exists, it is notified the user of the transmission side 
that cryptographic communication at the user of the 
transmission side and the user of the reception side is 
enabled. 

15 According to an eighteenth aspect of the present 

invention, there is provided an encryption algorithm 
conversion method for converting an operating first 
encryption algorithm to other second encryption algorithm 
comprising: querying a data base in which a correspondence 

20 between a user identifier indicating a user, an encryption 
algorithm operated by the user and an encryption key 
thereof is preliminarily described about each user with a 
user whose encryption algorithm is to be converted as a key 
so as to obtain a first encryption algorithm operated by 

25 the user and a first encryption key; and supplying first 
and second signature data written in the first and second 
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encryption keys with a first management secret key 
preliminarily allocated for management and operated on the 
first encryption algorithm, public key data obtained by 
encrypting a second public key corresponding to a second 
5 management secret key operated on the second encryption 
algorithm preliminarily allocated for management with the 
first encryption algorithm, a second encryption algorithm 
encrypted with the first encryption algorithm and signature 
data produced based on the second management secret key to 
10 the user. 

BRIEF DESCRIPTION OF THE DRAWINGS 
Fig. 1 is an explanatory diagram showing a network 
communication system; 

Fig. 2 is a functional block diagram showing a 
15 functional structure of respective portions of the network 
communication system; 

Figs. 3A and 3B are explanatory diagrams showing 
information to be stored in data base accessed by a key 
management work station. Fig. 3A indicates information to 
20 be stored in a network encryption algorithm control data 
base and Fig. 3B indicates information to be stored in the 
network key management data base; 

Figs . 4A and 4B are explanatory diagrams showing 
information to be stored in data base accessed by a 
25 personal computer. Fig. 4A indicates information to be 
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stored in encryption algorithm control data base and Fig. 
4B indicates information to be stored in a key structure 
management data base; 

Fig. 5 is a schematic data flow diagram showing 
5 conversion of encryption algorithm to which the present 
invention is applied; 

Fig. 6 is a schematic data flow diagram showing 
encryption algorithm conversion for common key cipher to 
which the present invention is applied; 
10 Fig. 7 is a data flow diagram showing cryptographic 

communication by common key cipher to which the present 
invention is applied; 

Fig. 8 is a flow chart showing a former half portion 
of encryption algorithm conversion procedure by common key 
15 cipher to which the present invention is applied; 

Fig. 9 is a flow chart showing a latter half portion 
of encryption algorithm conversion procedure by common key 
cipher to which the present invention is applied; 

Figs. 10A and 10B are explanatory diagrams showing a 
20 change of an encryption key of common key cipher to which 

the present invention is applied; Fig. 10A indicates a case 
in which the key length is shortened, and Fig. 10B 
indicates a case in which the key length is prolonged; 

Fig. 11 is a data flow diagram showing cryptographic 
25 communication by public key cipher to which the present 
invention is applied; 
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Fig. 12 is a data flow chart showing encryption 
algorithm conversion by public key cipher to which the 
present invention is applied; 

Fig. 13 is a flow chart showing a former half portion 
5 of encryption algorithm conversion procedure by public key 
cipher to which the present invention is applied; 

Fig. 14 is a flow chart showing a latter half portion 
of encryption algorithm conversion procedure by public key 
cipher to which the present invention is applied; 
10 Fig. 15 is an explanatory diagram showing a change of 

encryption key of public key cipher to which the present 
invention is applied; 

Fig. 16 is a data flow chart showing cryptographic 
communication system by public key cipher algorithm to 
15 which the present invention is applied; 

Fig. 17 is a data flow chart showing encryption 
algorithm conversion by a portable information processing 
apparatus to which the present invention is applied; 

Fig. 18 is a data flow chart showing other embodiment 
20 of encryption algorithm conversion by a portable 

information processing apparatus to which the present 
invention is applied; 

Fig. 19 is an explanatory diagram showing a data base 
relating to encryption key and encryption algorithm to 
25 which the present invention is applied; 

Fig. 20 is a data flow diagram showing a case in which 
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a encryption key is generated by user in encryption 
algorithm conversion to which the present invention is 
applied; 

Fig. 21 is a block diagram showing cryptographic 
5 communication system by public key cipher algorithm to 
which the present invention is applied; 

Fig. 22 is an explanatory diagram showing other 
embodiment of network communication system; 

Fig. 23 is an explanatory diagram showing an operation 
10 of encryption of key recovery function to which the present 
invention is applied; 

Fig. 24 is an explanatory diagram showing an operation 
of decryption of key recovery function to which the present 
invention is applied; and 
15 Fig. 25 is a block diagram showing cryptographic 

communication system using IC card based on public key 
cipher algorithm to which the present invention is applied. 



DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS 
Hereinafter, the embodiments of the present invention 
20 will be described with reference to the accompanying 
drawings . 

First, functions of a network communication system to 
which the present invention is applied will be described. 
In a cryptographic communication system to which the 
25 present invention is applied, (1) a key management station 
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for controlling an encryption algorithm is placed, (2) 
condition of encryption algorithm operated by each user is 
grasped by the key management station, (3) an encryption 
algorithm for use by each user is set up and (4) encryption 
5 algorithm for use by each user is converted. 

The respective functions will be described below. 

First, the key management station for controlling the 
encryption algorithm of (1) will be described. A key 
management station for controlling encryption algorithm is 
10 placed in the cryptographic communication system, so as to 
register all encryption algorithms used by user and 
encryption algorithms to be updated in this key management 
station. 

Next, the function for grasping the condition of the 
15 encryption algorithm operated by each user of (2) will be 
described. 

Each user carrying out the cryptographic communication 
and the key management station are connected to each other 
through such an electronic communication line as a 

20 satellite communication line or ground communication line 
or the like and the key management station always monitors 
the condition of the encryption algorithm operated by the 
user through the line. If a necessity of the cryptographic 
communication arises between users, whether or not the 

25 cryptographic communication is possible is determined by 
judging from the operating condition of the encryption 
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algorithm to be operated by the user. 

Further, the key management station grasps the 
operating condition of the encryption algorithm of each 
user and information of the key for use by the user. If 
5 the encryption algorithm operated by the user is changed, 
information for converting the key is created so as to be 
capable of adapting to an encryption algorithm in which the 
key for use by the user is changed and then transmitted to 
that user. 

10 Next, the function for setting up the encryption 

algorithm for use by each user of (3) will be described 
about a case (i) in which cryptographic communication is 
carried out between respective users and a case (ii) in 
which the intensity of the encryption algorithm for use by 

15 each user is converted to an encryption algorithm of the 
same series having an intensity equivalent to or higher 
than that encryption algorithm. 

First, the case in which the cryptographic 
communication is carried out between the respective users 

20 of (i) will be described. 

Possible cases include a case (a) in which the users 
intending to carry out the cryptographic communication 
share the same encryption algorithm and a case (b) in which 
the users intending to carry out the cryptographic 

25 communication do not share the same encryption algorithm. 
Corresponding functions to these cases will be described 
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below. 

(a) Case where users intending to carry out cryptographic 
communication share the same encryption algorithm 

1. The key management station determines that cryptographic 
5 communication between the users is possible and transmits 

this determination result to the users. 

2. The users receive this result and execute the 
cryptographic communication by the shared encryption 
algorithm. 

10 (b) Case where users intending to carry out cryptographic 
communication do not share the same encryption algorithm 

1. The key management station determines that cryptographic 
communication between the users is impossible. 

2. Considering user request, restriction and the like of a 
15 registered encryption algorithm, the key management station 

sets up encryption algorithm for use in cryptographic 
communication between the users and transmits this 
encryption algorithm to the users through a communication 
line. 

20 If there is a necessity of converting a key for use by 

user so as to be applicable for a new set encryption 
algorithm, information for this key conversion is created 
and transmitted to the user through a communication line. 

3. The user converts the transmitted encryption algorithm 
25 and as required, the key for use and executes cryptographic 

communication . 
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Next, the case in which the intensity of the 
encryption algorithm for use by each user of (ii) is 
converted to encryption algorithm of the same series having 
an intensity equivalent to or higher than that encryption 
5 algorithm will be described. 

To convert the intensity of the encryption algorithm 
to an encryption algorithm of the same series having an 
intensity equivalent to or higher than that encryption 
algorithm, for example, it can be considered that (a) with 

10 respect to the encryption algorithm used by the user, the 
user supplies an encryption algorithm of the same series 
having an intensity equivalent to or higher than the 
encryption algorithm used by the user, and (b) with respect 
to the encryption algorithm used by the user, the key 

15 management station possesses an encryption algorithm 

generating apparatus for the encryption algorithm for use 
by the user and supplies an encryption algorithm of the 
same series having an intensity equivalent to or higher 
than that encryption algorithm. The function of each case 

20 will be described below. 

(a) Case where with respect to the encryption 
algorithm used by the user, the user supplies an encryption 
algorithm of the same series having an intensity equivalent 
to or higher than the encryption algorithm used by the user 

25 1. An encryption algorithm of the same series having an 
intensity equivalent to or higher than the encryption 
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algorithm used by the user is produced and transmitted to 
the key management station and registered therein . 

2. The key management station sets up a user using an 
encryption algorithm except the registered encryption 

5 algorithm of the same series having an intensity equivalent 
to or higher, as required, produces information for 
converting a key for use by the user and then transmits the 
aforementioned encryption algorithm of the same series 
having an intensity equivalent to or higher and information 
10 for key conversion to this user. 

3. The user receiving the encryption algorithm of the same 
series having an intensity equivalent to or higher and 
information for key conversion converts the key for use 
using the transmitted information for key conversion as 

15 required and then carries out cryptographic communication 
according to the transmitted encryption algorithm, 
(b) Case where with respect to the encryption algorithm 
used by the user, the key management station possesses an 
encryption algorithm generating apparatus for the 

20 encryption algorithm for use by the user and supplies an 

encryption algorithm of the same series having an intensity 
equivalent to or higher than that encryption algorithm. 
1: the key management station produces an encryption 
algorithm of the same series having an intensity equivalent 

25 to or higher than the encryption algorithm used by the user 
and registers the produced encryption algorithm. 
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2: The key management station sets up user using an 
encryption algorithm other than the registered encryption 
algorithm of the same series having an intensity equivalent 
to or higher, as required produces information for 
5 converting a key used by the user and then transmits the 

encryption algorithm of the same series having an intensity 
equivalent to or higher and information for key conversion 
to this user. 

3- The user receiving the encryption algorithm of the same 

10 series having an intensity equivalent to or higher and 

information for key conversion converts the key for use by 
using the received information for key conversion as 
required and carries out cryptographic communication 
according to the received encryption algorithm. 

15 Next, a function for converting the encryption 

algorithm for use by user of (4) will be described. 
1: The key management station produces the encryption 
algorithm for conversion by user and as required, 
information for conversion of the key for use by each user 

20 according to the above ( 3 ) . 

2 : The key management station encrypts the encryption 
algorithm for conversion by each user and key conversion 
information produced as required by using the encryption 
algorithm operated by the user and transmits it to each 

25 user through communication line. 

3: Each user decrypts data transmitted from the key 
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management station using the operated encryption algorithm 
so as to obtain the encryption algorithm for conversion and 
key conversion information. 

4: Each user changes the operated encryption algorithm and 
5 key for use according to the aforementioned decrypted data. 
5. Each user encrypts a statement "encryption algorithm 
change completed" using the changed encryption algorithm 
and transmits it to the key management station through 
communication line . 

10 6: The key management station decrypts the encrypted and 
transmitted data and obtains the statement "encryption 
algorithm change completed 11 and confirms that user's 
encryption algorithm has converted and the encryption 
function operates properly. 

15 Next, a first embodiment of the present invention will 

be described with reference to Figs. 1-5. In this 
embodiment, an outline of encryption algorithm conversion 
to which the present invention is applied will be described. 
First, a network communication system to which the 

20 present invention is applicable will be described with 
reference to Fig. 1. Here, an example of a structure in 
which a plurality of personal computers (information 
processing apparatuses) 100, 200 used by users are 
connected to the key management station 400, will be 

25 described. 

The encryption algorithms operated by this system are 
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assumed to be A[l]-A[n], B[l]-B[m] and these encryption 
algorithms are controlled by the key management station. 
The encryption algorithms A[l]-A[n] are encryption 
algorithms belonging to the same series A having an 
5 intensity equivalent or different . The key management 

station updates security by changing encryption algorithm 
to a new encryption algorithm of the same series having an 
intensity equivalent to or higher than the encryption 
algorithm concerned. 

10 The key management station manages the encryption 

algorithm operated by the user and user ID with 
correspondence therebetween assuming that the user ID of 
user operating the encryption algorithm A[l] is U[Ai, li]- 
U[Ai, Ni], user ID of user operating the encryption 

15 algorithm A[2] is U[A 2 , 1 2 ]-U[A 2 , N 2 ], user ID of user 

operating the encryption algorithm A[n] is U[A n/ l n ]-U[A n , 
N n ] , user ID of user operating the encryption algorithm 
B[l] is U[Bi # li]-U[Bi # Mi], user ID of user operating the 
encryption algorithm B[2] is U[B 2 , 1 2 ]-U[B 2 , M 2 ], user ID of 

20 user operating the encryption algorithm B[m] is U[B n , l n ]- 
U[B n , MJ. 

Referring to Fig. 1, personal computers 100 used by a 
user operating one of the encryption algorithms belonging 
to series A (hereinafter referred to as encryption 
25 algorithm A) , personal computers 200 used by a user 

operating one of the encryption algorithms belonging to 
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series B (hereinafter referred to as encryption algorithm 
B), and the key management station 400 provided with a key 
management work station 500 are connected through a network. 
In this network communication system, cryptographic 
5 communication, encryption algorithm conversion and the like 
are carried out by means of software processing of the 
personal computers 100, 200 such as an information 
processing unit used by the users and key management work 
station 500. 

10 Fig. 22 shows a different embodiment from Fig. 1 of 

the network communication system in which a plurality of 
encryption algorithms exist. In this embodiment of the 
network communication system, algorithm A, algorithm B, 
algorithm C and algorithm D exist as the encryption 

15 algorithm. 

Usually, the encryption algorithm for use is 
determined by user's selection. 

There are some encryption algorithms which user don't 
want to use because of the characteristic of the encryption 

20 algorithm. 

In the network communication system shown in Fig. 22, 
the aforementioned four encryption algorithms A, B, C and D 
are used. In this Figure, a range of users using the 
encryption algorithm A is indicated with a solid line, a 

25 range of users using the encryption algorithm B is 

indicated with a dot and dash line, a range of users using 
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the encryption algorithm C is indicated with two dots and 
dash line and a range of users using the encryption 
algorithm D is indicated with broken line. 

Users located in a region in which the encryption 
5 algorithms overlap can use plural encryption algorithms. 

The key management station stores users capable of 
using each encryption algorithm in data base. 

If a request for cryptographic communication occurs 
between users, the key management work station grasps the 
10 operating condition of the encryption algorithm of the 
transmission side and reception side according to the 
aforementioned data base. 

If the transmission side and reception side share the 
same encryption algorithm, cryptographic communication 
15 between the both is continued. 

If the same encryption algorithm is not shared, 
whether or not the same encryption algorithm can be held by 
the transmission side and reception side is determined 
according to the aforementioned data base. If the sharing 
20 is impossible, it is notified the both that the 
cryptographic communication is disabled. 

Whether or not the encryption algorithm can be shared 
between the users is determined depending on user's 
convenience. The range of users using each encryption 
25 algorithm is changed by user's convenience. 

The key management work station changes information 
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stored in data base for indicating users using each 

encryption algorithm by notification from the user. 

Next, software processing function of each information 

processing unit (personal computer, key management work 
5 station) in this network communication system will be 

described with reference to Fig. 2. 

In Fig. 2, the personal computers 100 and 200 are 

connected to each other so as to construct a network. 

Hereinafter, a case where the personal computer 100 is used 
10 by a transmission side user and the personal computer 200 

is used by a reception side user will be described. It is 

needless to say that because the personal computers 100, 

200 have the same structure, they can be used for both. 

The key management work station 500 is connected to the 
15 personal computer 100 for use by at least the transmission 

side user. 

The personal computer 100 (200) for use by the 
transmission side (reception side) user includes key 
structure control function 110 (210), encryption algorithm 

20 control function 120 (220), scramble function 130 (230), 
descramble function 140 (240) and cryptographic 
communication control function 150 (250). A key structure 
control data base 180 (280) and encryption algorithm data 
base 190 (290) are connected to the personal computer 100 

25 (200) so as to be accessible therefrom. 

These data bases may be provided separately from the 



34 



J 



J 



personal computers 100, 200 or may be provided integrally 
therewith. The aforementioned data bases may be shared by 
plural personal computers. 

The aforementioned key management work station 500 
5 includes scramble function 530 , descramble function 540, 
cryptographic communication control function 550, 
encryption algorithm generating function 595, network 
encryption control function 560, and network key management 
function 570, and is connected to network encryption 

10 algorithm control data base 590 and network key management 
control data base 580 so as to be accessible therefrom. 
These data bases may be provided separately of the key 
management work station 500 or may be provided integrally 
with the key management work station 500. 

15 Next, the function of the key management work station 

500 will be described with reference to Fig. 2. 

A user ID of each user and encryption algorithm are 
registered in the network encryption algorithm control data 
base DB590 with correspondence therebetween. 

20 The network encryption algorithm control function 570 

controls the data bases for the aforementioned two kinds of 
data, and carries out registration, updating and deletion 
of the encryption algorithm for use by each user. 

The encryption algorithm generating function 595 has a 

25 function for generating the encryption algorithm of series 
A. 
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As for the encryption intensity of the encryption 
algorithm, the longer the length of an operating key, the 
more difficult decryption becomes so that the encryption 
intensity increases thereby improving the security. 
5 Further, if even in the encryption algorithm having 

the same key length, the operating encryption algorithm is 
changed periodically, a period in which a cipher is 
attacked can be limited thereby improving the security on 
communication. 

10 The encryption algorithm generating function 595 

generates different encryption algorithms belonging to 
series A in which the key length for use is the same as or 
longer than current encryption algorithms belonging to 
series A. 

15 The network key structure control function 570 

controls the key to be operated by this system and stores 
information of the key to be used by the user in the 
network key structure control data base. 

The scramble function 530 is a function for encrypting 

20 data to be transmitted by the key management station 400 

(see Fig. 1) to the user and the descramble function 540 is 
a function for decrypting the encoded data received by the 
key management station 400 (see Fig. 1) from the user. 

The network key management function 570 controls the 

25 key to be used for encrypting and decrypting and stores 
information about the key for use by the user with a 



36 



J J 

correspondence to the encryption algorithm operated for the 
key structure control data bases 180 , 280. 

Next, the software function of the personal computers 
100 (200) which are information processing units for use by 
5 the user will be described. 

The encryption algorithm control function 120 (220) 
controls the encryption algorithm operated by the user. 

The operating encryption algorithm converts the 
encryption algorithm according to an instruction from the 
10 key management work station 500. The encryption algorithm 
control data base stores the encryption algorithms to be 
distributed by the key management station 400 (see Fig. 1). 

The scramble function 130 (230) is a function for 
encrypting data to be transmitted by the user and the 
15 descramble function 140 (240) is a function for decrypting 
the encrypted data received by the user. 

The key structure control function 110 (210) controls 
the key for use for encrypting and decrypting and stores 
the keys with a correspondence to the encryption algorithm 
20 to be operated by the key structure control data base 180 
(280). 

Next, the content of information to be stored in data 
base to be accessed from the aforementioned key management 
work station will be described with reference to Figs. 3A 
25 and 3B. 

In Fig. 3A, user ID for identifying a user, name of 
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the encryption algorithm to be operated by the user, a 
correspondence to the encryption algorithm version, 
updating date, key management station ID for identifying 
the key management station, name of the encryption 
5 algorithm to be operated by the key management station, a 
correspondence with the encryption algorithm version and 
its updating date are stored in the network encryption 
algorithm control data base. 

in Fig. 3B, user ID for identifying- a user, name of 

10 the encryption algorithm to be operated by the user, a 

correspondence between encryption algorithm version and key 
information indicating the encryption key to be operated, 
its updating date, key management station ID for 
identifying the key management station, name of the 

15 encryption algorithm to be operated by the key management 
station, a correspondence between the encryption algorithm 
version and key information indicating the encryption key 
to be operated, and its updating date are stored in the 
network key management data base. 

20 Next, the content of information to be stored in the 

data base accessible from the personal computer for use by 
user will be described with reference to Figs. 4A and 4B. 

In Fig. 4A, a name of the encryption algorithm, a 
correspondence of the encryption algorithm version, and its 

25 updating date are stored in the encryption algorithm 
control data base. 
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In Fig. 4B, a name of the encryption algorithm, 
encryption algorithm version, a correspondence to user key 
information indicating user's encryption key, and its 
updating date, and a name of the encryption algorithm, 
5 encryption algorithm version, a correspondence to key 
information of the key management station indicating the 
encryption key of the key management station, and its 
updating date are stored in the key management data base. 
Referring to Fig. 7 , an outline of cryptographic 

10 communication of a case where both the transmission side 
and reception side users share the same encryption 
algorithm (assuming that a common key cipher is operated 
here) will be described. In this case, it is assumed that 
the transmission side user is A, the reception side user is 

15 B and the transmission data to be transmitted therebetween 
is M. 

The user U[A] specifies the user U[B] relative to the 
key management work station 500 and requests to issue a 
session key for use in cryptographic communication. 
20 The key management work station 500 receives this 

request and issues the user U[B] with a session key which 
enables cryptographic communication to the user U[A] . 

If the user U[A] receives this session key, by using 
it with the scramble function 130 of the personal computer 

25 for use, data M is encrypted and transmitted to user U[B] 

v. 

as an encrypted statement. 
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The user U[B] stores the same encryption algorithm as 
the user U[A] in the encryption algorithm data base 190. 
As a result, the user U[B] decrypts the encrypted statement 
transmitted from the user U[A] by the descramble function 
5 140 to obtain data M. 

On the other hand, as a case where the operating 
encryption algorithm differs between the transmission side 
and reception side users, for example, in the operating 
encryption algorithms A[l]-A[n], B[l]-B[m], sometimes a 

10 plurality of encryption algorithms in which methods of the 
common key encryption algorithm and public key encryption 
algorithm are different exist. 

If the user U[A] carries out cryptographic 
communication for the user U[B], in case where both the 

15 users share the same encryption algorithm, the 

cryptographic communication can be carried out without any 
special treatment. However, if the same encryption 
algorithm is not shared, the encryption algorithm possessed 
by user is converted so as to make both the users share the 

20 same encryption algorithm thereby achieving the 
cryptographic communication. 

This encryption algorithm conversion is carried out 
depending on the condition of the encryption algorithm 
possessed by the user as follows. 

25 (1) The encryption algorithms of the same series are 

controlled based on the version number. The encryption 
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algorithm is converted to the other encryption algorithm of 
the same series having the same or a different encryption 
intensity. 

( 2 ) The common key encryption algorithm is converted to 
5 other common key encryption algorithm. 

(3) The public key encryption algorithm is converted to 
other public key encryption algorithm. 

(4) The common key encryption algorithm is converted to 
other public key encryption algorithm. 

10 (5) The public key encryption algorithm is converted to 
other common key encryption algorithm. 

The encryption algorithm mentioned here means a 
procedure for converting a series of data. The encryption 
mentioned here means data conversion and the decryption 
15 means inverse conversion of converted data. 

For example, it is assumed that K is binary data 
string and M is another binary data string. 

Consider the following % function which is determined by K. 
7t(M) = M xor K 
20 where xor indicates exclusive " OR between M and K. 

The data string M has been converted by 7U(M). If tt(M) xor 
K is obtained with respect to this converted data, 

7C(M) xor K = (M xor K) xor K 
= M xor (K xor K) 
25 = M 

The data M is obtained by inversely converting the 
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converted data 7U(M). The procedure for data conversion and 
inverse conversion like this K function is called 
encryption algorithm. 

Next, assuming N data {K x , K 2 , K 3 , •••K N }, a function 
5 corresponding to data Ki is assumed to be % ± . From this N 
it functions, the following two pairs of the functions f, g 
are considered. 

f = 7t 1 07r 2 07t 3 0 O 07C N 

g=7r N o7U N _ 1 o7r N - 2 o o o i 
10 These two pairs of the functions f , g are obtained by 

computation on the n 7U functions sequentially. Therefore, 
f(M) and g(M) indicate a procedure for conversion of data M 
and the converted data f (M) is inversely converted by the 
function g to introduce data M. 
15 Therefore, it can be considered that the functions f , 

g are a single encryption algorithm, so that it can be 
considered that the function f corresponds to encrypting of 
data and the function g corresponds to decrypting of data. 

If the computation order of N % functions or the value 
20 of parameter K ± is changed, another encryption algorithm 
can be obtained. 

The encryption algorithm of the same series mentioned 
in the aforementioned encryption algorithm conversion means 
an encryption algorithm obtained by changing an order of a 
25 part of the data conversion or assembling by changing the 
values of parameters for use. Hereinafter, the encryption 
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algorithm of the same series is referred to as encryption 
algorithm of a different version. 

If such encryption algorithm conversion is carried out, 
the key possessed by the user is also converted 
5 corresponding to the converted encryption algorithm. 
Next, an outline of the encryption algorithm 
conversion operated in network communication to which the 
present invention is applied will be described with 
reference to Fig. 5. 

10 Here, it is assumed that the transmission side user is 

U[A] and the encryption algorithm operated by the U[A] is 
encryption algorithm EANG. On the other hand, it is 
assumed that the reception side user is U[B] and encryption 
algorithm operated by the U[B] is encryption algorithm EBF. 

15 The encryption algorithm EANG and encryption algorithm 

EBF are stored in the network encryption algorithm control 
data base 590 of the key management work station 500 by 
making the former correspond to the user ID of the user 
U[A] and the latter correspond to the user ID of the user 

20 U[B]. 

Further, it is assumed that a key for the key 
management work station 500 to carry out cryptographic 
communication with the user U[A] based on the encryption 
algorithm EANG is K A and a key for the key management work 
25 station 500 to carry out cryptographic communication with 
the user U[B] based on encryption algorithm EBF is K B . 
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The key K A is stored in the key structure control data 
base 180 of the user U[A] and the key K B is stored in the 
key structure control data base 280 of the user U[B] . 
Further, the key K A is stored in the network key management 
5 data base 580 of the key management work station 500 with a 
correspondence to the user ID of the user U[A] and the key 
K B is stored therein with a correspondence to the user ID 
of the user U[B] . 

By taking a case where the user U[A] carries out 
10 cryptographic communication with the user U[B] under the 
above described environment, an outline of the encryption 
algorithm conversion to be operated in this network 
communication system will be described. 

1: The user U[A] specifies a reception side person by the 
15 user ID of the user U[B] by the cryptographic communication 

control function 150 and sends n a request for session key 

issue" to the cryptographic communication control function 

550 of the key management work station 500. 

2: The "request for session key issue" is sent to the 
20 network encryption algorithm control function 560 of the 

key management work station 500. The network encryption 

algorithm control function 560 retrieves in the network 

encryption algorithm data base 590 based on the user ID of 

the user U[A] and user ID of the user U[B]. 
25 The encryption algorithm to be operated by the user 

U[A] is encryption algorithm EANG and the encryption 
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algorithm to be operated by the user U[B] is encryption 
algorithm EBF . Thus, it is determined that the same 
encryption algorithm is not shared and this result is 
transmitted to the cryptographic communication control 
5 function 550. 

3: Receiving this result, the cryptographic communication 
control function 550 starts conversion of the encryption 
algorithm of the user U[B] from EBF to EANG . 

First , the key L B is generated to carry out 
10 cryptographic communication with the user U[B] with 
encryption algorithm EANG and "descramble function 
confirmation end" is specified in plain text data MD. 

Next, the encryption algorithm EANG and key L B are 
encrypted by the encryption algorithm EBF and key K B so as 
15 to create the cipher statement EBF KB (EANG) and EBF K b (L b ). 

Further, the plain text data MD is encrypted with the 
encryption algorithm EANG and key L B so as to create the 
encrypted statement EANG LB (MD) . The aforementioned three 
encrypted statements are created by the scramble function 
20 530 of the key management work station 500. 

These three encrypted statements are sent to the user 
U[B] as "encryption algorithm updating request". 
4: The user U[B] receiving these three encrypted statements 
EBFkb(EANG), EBFkb(L b ) and EANG LB (MD) decrypts these 
25 encrypted statements by the descramble function 240. 

First, the encrypted statement EBF KB (EANG) and 
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encrypted statement EBFkb(L b ) are decrypted by the key K B 
stored in the key structure control data base 280 so as to 
obtain the encryption algorithm EANG and key L B . 

The encryption algorithm control function 220 stores 
5 the obtained encryption algorithm EANG in the encryption 
algorithm data base 290 and updates the operating condition 
of the encryption algorithm from the encryption algorithm 
EBF to the encryption algorithm EANG. The key structure 
control function 210 stores the obtained key L B in the key 
10 structure control data base 280. 

In this manner, the encryption algorithm and key are 
updated. 

Next, by using the updated encryption algorithm EANG 
and key L B , the encrypted statement EANG LB (MD) is decrypted 

15 so as to obtain a plain text data MD. It is confirmed that 
the obtained plain text data MD is written as "descramble 
function confirmation is terminated" and then it is 
confirmed that the descramble function 240 by the converted 
encryption algorithm EANG is operated properly. 

20 5: Next, the plain text data MS is written as "scramble 
function confirmation is terminated" and by operating the 
scramble function 230, the encrypted statement EANG LB (MS) 
is created using the encryption algorithm EANG and key L B . 

This created encrypted statement is distributed to the 

25 key management work station 500 as the "encryption 
algorithm updating report". 



46 



6: Receiving the "encryption algorithm updating report", 
the key management work station 500 decrypts the encryption 
algorithm EANG and key L B so as to obtain the plain text 
data MS. It is confirmed that the obtained plain text data 
5 MS is written as "scramble function confirmation is 
terminated" and then it is confirmed that the scramble 
function 230 by the encryption algorithm EANG converted by 
the user U[B] is operated properly. As a result, it is 
confirmed that the encryption algorithm conversion, the 
10 scramble function 230 and descramble function 240 for 
carrying out encrypting and decrypting are operated 
properly and then the encryption algorithm conversion is 
terminated. 

7: As a result of the above procedure, the user U[A] and 
15 user U[B] become capable of sharing the same encryption 
algorithm EANG. The users U[A] and U[B] restart 
cryptographic communication and the key management work 
station carries out "session key issue" based on the 
algorithm EANG to the user U[A] . 
20 In the above description, the procedures for 

distribution of the encryption algorithm upon encryption, 
conversion of the key to be operated and confirmation of 
the operation of the converted encryption algorithm have 
been described, 

25 A detail of the encryption algorithm conversion has 

been described. Here, an attention is paid to which the 
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operating cipher is public key cipher or common key cipher 
and then, the encryption algorithm conversion (second 
embodiment of the present invention) in a case where the 
cryptographic communication system is constructed of the 
5 common key cipher will be described and secondly, the 
encryption algorithm conversion (third embodiment of the 
present invention) in a case where the cryptographic 
communication system is constructed of public key cipher 
will be described. Because the basic composition of these 
10 embodiments is the same as the aforementioned first 
embodiment, in the following description, mainly a 
different point therefrom will be stated and a detail of 
the encryption algorithm conversion of each case will be 
described. 

15 First, the second embodiment of the present invention 

will be described with reference to Figs. 6-10. Here, the 
encryption algorithm conversion in the cryptographic 
communication system constructed of the common key cipher 
will be described. That is, the encryption algorithm 

20 conversion in a case where the operating encryption 
algorithms A[l]-A[n] and B[l]-B[m] are all common key 
encryption algorithms in the cryptographic communication 
system of Fig. 1 will be described. 

The cryptographic communication based on the common 

25 key encryption algorithm will be described with reference 
to Figs. 6 and 7 . 
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As a presumption for carrying out cryptographic 
communication, user ID and a secret key as master key are 
allocated to each user using information processing unit 
such as a personal computer from the key management station 
5 500. Then, the master key allocated to each user is 

registered and controlled in the network key management 
data base 580 of the key management work station 500 with a 
correspondence to the user ID. Likewise, the secret key 
Pcid is allocated to the key management station 500 as the 
10 master key. 

This embodiment uses duplex encryption method in which 
the encryption algorithm of the scramble key k s for use in 
data encryption and the encryption algorithm of the session 
key for use in dispatch of the descramble key K D are 
15 composed of different encryption algorithms, thereby 

intending to improve the security as compared to the case 
where the same encryption algorithm is used. In this 
embodiment, it is assumed that the encryption algorithm for 
operating the session key and master key uses the same 
20 encryption algorithm. 

Hereinafter, by taking a case where cryptographic 
. communication is carried out from the user u[A] to the user 
U[B], a content of the cryptographic communication will be 
described. 

25 (1) In case where the user U[A] carries out cryptographic 
communication with the user U[B], the user U[A] requests 
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the key management station 500 for issue of the session key. 
Here, it is assumed that the user U[A] is a transmission 
side user and the user U[B] is a reception side user. 
Receiving this session key issue request, the network 
5 encryption algorithm control function 560 of the key 
management work station 500 retrieves in the network 
encryption algorithm data base 590 and determines whether 
or not the encryption algorithm used by the user U[A] is 
the same as that used by the user U[B]. 

10 (2) When it is determined that the user U[A] and user U[B] 
use the same encryption algorithm, the network key 
management function 570 of the key management work station 
500 generates a session key P T with that encryption 
algorithm. Next, the master key PID of the transmission 

15 side user and the master key P Y i D of the reception side user 
are fetched out from the network key management data base 
580 and a plain text of the session key P T is encrypted so 
as to create the encrypted statements E PID (P T ). E PY i D (Pt). 
This encrypted statement is transmitted to such an 

20 information processing unit as a personal computer used by 
the transmission side user. 

(3) In the personal computer for use by the transmission 
side user, the master key Pi D of that user controlling the 
computer is fetched out from the key structure control data 
25 base 180. Using this key # the transmitted session key 

encrypted is decrypted so as to obtain the session key P T . 
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(4) On the other hand, receiving the data M input by the 
user, the scramble key k s for encrypting this data M and 
descramble key K D for decrypting it are generated. 

( 5 ) Next , the data M input by the user is encrypted by the 
5 scramble key k s so as to create an encrypted statement 

Eks(M) . Likewise, the descramble key K D is encrypted with 
the session key P T so as to create the encrypted statement 
Ept (k D ). These two encrypted statements and the 
transmitted encrypted statement E PY id(Pt) are transmitted to 
10 such information processing unit as a personal computer for 
use by the reception side user. 

(6) The personal computer of the reception side user 
fetches the master key P Y id of this user from the key 
structure control data base 280 and the encrypted session 

15 key E PYID (P T ) by this key is decrypted so as to obtain the 
session key P T . Next, the transmitted encrypted descramble 
key E PT (K D ) is decrypted with the session key P T so as to 
obtain the descramble key K D . 

Finally, the encrypted statement E ks (M) of data 

20 transmitted with this descramble key K D is decrypted so as 
to obtain the data M. 

If the network encryption algorithm control function 
of the key management work station 500 determines that the 
user U[A] and user U[B] do not use the same encryption 

25 algorithm, it carries out conversion of the encryption 

algorithm of the user U[B] for the users U[A] and U[B] to 
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be able to operate the same encryption algorithm. 

Next, the procedure for encryption algorithm 
conversion of this embodiment will be described with 
reference to Figs. 6, 8 and 9. 
5 (1) If the network encryption algorithm control function 

560 receives a session key issue request containing user ID 
of the transmission side user and user ID of the reception 
side user from the transmission side user and retrieves in 
the network encryption algorithm data base 590 with the 

10 transmitted user ID as a key, so as to grasp the operating 
condition of the encryption algorithm operated by the 
transmission side user and reception side user. As shown 
in Fig. 6, the cryptographic communication system applies 
duplex encryption method by the common key cipher, so that 

15 two kinds of encryption algorithms, that is, encryption 
algorithm for use in encrypting of data and encryption 
algorithm for use in operating the session key are used. 
If the two kinds of the encryption algorithms operated by 
the transmission side user and reception side user do not 

20 agree with each other, cryptographic communication between 
both the parties cannot be achieved. 

If no coincidence occurs as a result of retrieval in 
the network encryption algorithm data base 590, the 
encryption algorithm BANG operated by the transmission side 

25 user is fetched out. The fetched encryption algorithm is 

supplied with an identifier for identifying whether it will 
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be used for encrypting of data or operating the session key. 
If the two kinds of the encryption algorithms do not 
coincide with each other, the two kinds of the encryption 
algorithms are fetched out. 
5 Assuming that the encryption algorithm operated by the 

reception side user is EBF, this encryption algorithm EBF 
is converted to the encryption algorithm EANG fetched out. 
(2) The network key management function 570 of the key 
management work station 500 generates the session key P TA 

10 with the encryption algorithm EBF prior to conversion and 
generates the session key P TB with the encryption algorithm 
EANG after the conversion. If there is no change in the 
algorithm for operating the session key, the P TA is equal to 
the P TB . Next, the user ID key of the reception side user 

15 is retrieved in the network key management data base 580 
and the master key P Y id of the reception side user is 
fetched out. 

If the encryption algorithm is converted, the key 
length of the key to be used for cryptographic 
20 communication or bit length increases or decreases. 

Therefore, in this case, it is demanded that a change of 
the key length of the encryption key is carried out with a 
conversion of the encryption algorithm. 

Conversion of the encryption key accompanied by a 
25 conversion of the encryption algorithm will be described 
with reference to Fig. 10A and Fig. 10B. 
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A case where the bit number of the key decreases is as 
follows. As shown in Fig. 10A, redundant bit numbers after 
the master key P YID of the reception side user and after the 
master key P C id of the key management station 500 are 
5 deleted so as to obtain new master key P YIDC for the 
reception side user and master key P C idc for the key 
management station 500. 

On the other hand, a case where the bit number of the 
key increases is as follows. As shown in Fig. 10B, random 
10 numbers YR, CR are generated corresponding to short bit 

numbers, so that a new master key Pyidc (Pyidc = Pyid II YR) for 
the reception side user is obtained by connecting a random 
number YR to the P Y id and a new master key Pcidc (C C idc - C C id 
II CR) for the network key management work station 500 is 

15 obtained by connecting the random number CR to the P C id- 

Because there is a possibility that the updated master 
keys Pyidc # Pcidc of the users are equal to the master keys of 
the other users, by retrieving the network key management 
data base 580, it is confirmed if there is same master key 

20 or not and if there is a user of the same master key, a new 
master key of a required length is generated. 
(3) The following encrypted statement is produced using the 
encryption algorithm EBF prior to conversion at the key 
management work station 500. 

25 1: The session key P T a is encrypted with the encryption 

algorithm EBF prior to conversion and master key P Y id so as 
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to create the encrypted statement EBF PYID (Pta). 
2: The encryption algorithm EANG is encrypted with the 
encryption algorithm EBF prior to the conversion and the 
session key Pta so as to create the encrypted statement 
5 EBFp TA (EANG) . 

3: The master key P Y i DC of the reception side user after the 
conversion is encrypted with the encryption algorithm EBF 
prior to the conversion and session key P TA so as to create 
the encrypted statement EBF PTA (Pyidc). If there is no change 
10 in the master key of the reception side user, this 
encrypted statement is not created. 

(4) The following encrypted statement is created using the 
encryption algorithm EANG after the conversion at the key 
management station 500. 

15 1: The session key P T to be operated by the encryption 
algorithm after the conversion is encrypted with the 
encryption algorithm EANG after the conversion and the 
master key P YIDC of the reception side user after the 
conversion so as to create the encrypted statement 

20 EANG pyidc (Ptb) . 

If there is no change in the encryption algorithm for 
operating the session key, this encrypted statement is the 
same as the EBF PYID (P TA ) . 

2. The session key P TB to be operated by the encryption 
25 algorithm after the conversion with the encryption 

algorithm EANG after the conversion and the master key P C i D c 
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of the key management work station 500 after the conversion 
has been encrypted so as to create the encrypted statement 
EANGpcidc ( Ptb ) • 

If there is no change in the encryption algorithm for 
5 operating the session key, this encrypted statement is the 
same as the encrypted statement EBF PC id (Pta) produced by 
ciphering the session key P TA to be operated based on the 
encryption algorithm before the conversion with the 
encryption algorithm EBF before the conversion and the 
10 master key P C id of the key management work station 500 
before the conversion. 

3: The plain text data MD is written as * confirmation of 
descramble function after algorithm conversion is 
terminated" . 

15 A scramble key k sc for encrypting plain text data MD 

and a descramble key K DC for decrypting both with the 
encryption algorithm EANG after the conversion, are 
generated. 

Next, the data MD is encrypted with the scramble key 
20 ksc so as to create an encrypted statement E ksc (MD) . 
Likewise, the descramble key K DC is encrypted with the 
session key P TB to be operated with the encryption algorithm 
after the conversion so as to create the encrypted 
statement EANG PT b(K D c) • 
25 (5) At the key management work station 500, three encrypted 
statements have been produced in the above (3), EBF Py i D (P T a)# 
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EBF PTA (EANG) and EBF PTA (P Y i D c) and four encrypted statements 
have been produced in the above (4) EANG PY idc ( Ptb ) / 
EANGpcidc(Ptb) . E ksC (MD) AND EANG PTB (K d c) . These statements are 
sent to a reception side user as "encryption algorithm 
5 conversion request". Here, the three encrypted statements 
produced in the above (3) are information for converting 
the encryption algorithm of the reception side user and the 
four encrypted statements produced in the above (4) are 
information for confirming whether or not the converted 
10 encryption algorithm operates properly after the encryption 
algorithm is converted. 

(6) After the encryption algorithm of the reception side 
user is converted and the master key is updated, the 
reception side user is operating the EBF as the encryption 
15 algorithm and possesses the P Y id as the mater key. From an 
encrypted statement transmitted from the key management 
work station, 

1: the encrypted statement EBF PY id (Pta) is decrypted with 
the Pyid as the master key so as to obtain the session key 
20 P TA . 

2: The encrypted statement EBF PTA (EANG) is decrypted with 
the session key P TA so as to obtain the encryption algorithm 
EANG. 

3: The encrypted statement EBF PTA (P Y i D c) is decrypted with 
25 the session key P T a so as to obtain the master key P Y i DC . 

In the above manner, the reception side user obtains 
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the encryption algorithm EANG and master key P Y idc. Then, 
the obtained encryption algorithm EANG is registered in the 
encryption algorithm control data base 290 and the 
encryption algorithm to be operated by the encryption 
5 algorithm control function 220 is converted from EBF to 
EANG. 

If the master key of a reception side user is updated, 
the master key is changed from P YID to P Y idc by the key 
structure control function 210, 

10 (7) The descramble function 240 is confirmed by the 

encryption algorithm converted by the reception side user. 

The encrypted statement transmitted from the key 
management work station 500 is decrypted by the descramble 
function 240 using the converted encryption algorithm and 

15 it is confirmed that the descramble function 240 operates 
properly . 

1: The encrypted statement EANGp YIDC ( Ptb ) is decrypted with 
Pyidc as the master key so as to obtain the session key P TB . 
2: The encrypted statement EANGp TB (k DC ) is decrypted with 

20 the session key P TB so as to obtain the descramble key k DC . 
3: The encrypted statement Efc SC (MD) is decrypted with the 
descramble key k DC so as to obtain a plain text data MD. 
4: It is confirmed that the plain text data MD is written 
as "confirming the descramble function after the algorithm 

25 conversion has been terminated* and then it is confirmed 
that the descramble function 240 operates properly. 
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(8) Driving the scramble function 230 using the converted 
encryption algorithm of a reception side user 

To confirm that the scramble function 230 using the 
converted encryption algorithm operates properly, plain 
text data is set and encrypted by the scramble function 230 
and then transmitted to the key management work station 500. 
1: The plain text data MS is written as * algorithm 
conversion confirmation test is terminated" . A scramble 
key K su for encrypting this plain text data MS with the 
encryption algorithm EANG after the conversion and a 
descramble key K du for decrypting are generated. Next, the 
data MS is encrypted with the scramble key k su so as to 
produce an encrypted statement EANG ksu (MS). Likewise, the 
descramble key K du is encrypted with the obtained session 
key P TB so as to create the encrypted statement EANG PTB (k Du ) . 
2: Produced two encrypted statements EANGptb ( kou ) and EANG ksu 
(MS) and an encrypted statement EANG PC idc ( Ptb ) transmitted 
from the key management work station 500 are returned to 
the key management work station 500 as "encryption 
algorithm conversion confirmation request". 

(9) Confirmation of encryption algorithm conversion at the 
key management work station 500 

The encrypted statement returned from the reception 
side user is decrypted so as to confirm that the scramble 
function 230 for the converted encryption algorithm of the 
reception side user operates properly. Then, it is 
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confirmed that the encryption algorithm after the 
conversion operates properly. 

1: The encrypted statement EANG PC idc(Ptb) is decrypted with 
the master key Pcidc of the key management work station 500 
5 so as to obtain the session key P T b- 

2: The encrypted statement EANG PT b (K du ) is decrypted with 
the session key Ptb so as to obtain the descramble key K DU . 
3: The encrypted statement E ksu (MS) is decrypted with the 
descramble key k Du so as to obtain a plain text data MS. 

10 4: It is confirmed that the obtained plain text data MS is 
written as "algorithm conversion confirmation test is 
terminated" and it is confirmed that the scramble function 
230 of a reception side user operates properly. Then, it 
is confirmed that the encryption algorithm after the 

15 conversion operates properly. 

In the network communication system in which the 
common key cipher is operated, the algorithm conversion can 
be carried out. 

As a result of this algorithm conversion, it comes 

20 that the user U[A] and user U[B] share the same encryption 
algorithm. As a result, the user U[A] and user U[B] are 
enabled to carry out cryptographic communication by the 
steps shown in Fig. 7. 

In this embodiment, in case where the user U[A] and 

25 user U[B] possess an encryption algorithm of the same 
series having the same intensity or having a different 
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intensity, it is possible to convert to an encryption 
algorithm having a high intensity by the network encryption 
algorithm control function 560. 

In this case, if the user U[A] has an encryption 
5 algorithm having a higher intensity than the user U[B], the 
encryption algorithm of the user U[B] is converted to an 
encryption algorithm of the user U[A] . Conversely if the 
encryption algorithm of the user U[B] has a higher 
intensity, the encryption algorithm of the user U[A] is 

10 converted to that of the user U[B]. This algorithm 

conversion can be carried out in the same procedures as 
shown in Figs, 6, 8 and 9. 

Next, a case in which the security is improved by 
raising the encryption intensity of an encryption algorithm 

15 controlled by the key management work station 500 or by 

changing the encryption algorithm version without changing 
the encryption intensity will be described. 

As shown in Fig. 1, the encryption algorithms A[l]- 
A[n] are encryption algorithms controlled by the key 

20 management work station 500 of the same A cipher series and 
the key management work station 500 has a function for 
generating this encryption algorithm. By changing the 
encryption algorithm, it is possible to change the 
encryption intensity or procedure for encryption 

25 computation. As compared to use of the same encryption 

algorithm, the security of the cryptographic communication 
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system can be improved. 

The user ID of a user operating the same A series 
encryption algorithm is U[Ai # j] and the key management 
work station 500 selects a user which changes the 
5 encryption algorithm from these users. Then, by using the 
function for generating the encryption algorithm, a new 
encryption algorithm is generated and the newly generated 
encryption algorithm is distributed to a user determined to 
change the encryption algorithm. 

10 This distribution can be carried out in the same 

manner as the above described algorithm conversion of the 
encryption algorithm. 

Cases for distributing an encryption algorithm of a 
different version and an encryption algorithm having a 

15 different encryption intensity have been described above. 

The encryption algorithm of each user is converted to 
an encryption algorithm distributed thereto. The 
encryption algorithm before the conversion is not deleted 
but stored in the encryption algorithm data base 190, 290 

20 of each user. The key management work station 500 controls 
the encryption algorithm stored in the encryption algorithm 
data base 190, 290 of each user by using the network 
encryption algorithm control data base 590. 

Consequently, in case when a request for cryptographic 

25 communication from the user U[A] to the user U[B] occurs, 
if a common encryption algorithm exists in the encryption 
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algorithm data bases 190 , 290 of both the users, the key 
management work station 500 does not have to distribute any 
encryption algorithm. If the key management work station 
500 dispatches an instruction for changing over to the 
5 common encryption algorithm, the cryptographic 

communication from the user U[A] to the user U[B] is 
enabled. 

The encryption algorithm conversion of a case when the 
cryptographic communication system is composed of common 
10 key ciphers has been described above. 

A third embodiment of the present invention will be 
described with reference to Figs. 11-15. Here, encryption 
algorithm conversion of a network communication system in 
which a public key cipher is operated or a case where the 
15 cryptographic communication system is composed of the 
public key cipher will be described. 

In the network communication system shown in Fig. 1, 
it is assumed that all the encryption algorithms A[l]-A[n], 
B[l]-B[m] to be operated are public key cipher algorithms. 
20 Cryptographic communication by the public key cipher 

algorithm will be described with reference to Fig. 12. 

As the public key cipher algorithm, for example, 
elliptical curve cipher algorithm is applicable. It is 
assumed that a base point of an elliptical curve necessary 
25 for describing computation of this elliptical curve cipher 
key is P. The elliptical curve cipher has been stated in 
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for example, "Quick Encryption Method Using Elliptical 
Curve" by Kazuo Takaragi and Hiroyuki Kurumaya, in 
Technical Report of IEICE ISEC 97-15(1997-07). 

In case when cryptographic communication is carried 
5 out f an issue of the session key is received from the 

network key management function 570 of the key management 
work station 500 , data received based on this key is 
encrypted so as to create an encrypted statement and then 
transmitted to the descramble function 240 of a personal 

10 computer of a reception side user. 

The descramble function 240 decrypts the transmitted 
encrypted statement so as to obtain data. 

As a presumption for operating the cryptographic 
communication processing portion, a user ID, a secret key 

15 dio as a master key and a public key Qi D (= P*di D : • is 
computation on elliptical curve) corresponding to this 
secret key are allocated by the key management work station 
500 to each user using such information processing unit as 
a personal computer. The public key Qi D allocated to user 

20 is registered and controlled in the network key management 
data base 580 of the key management work station 500 with a 
correspondence to the user ID. Likewise, a secret key d c as 
the mater key and a public key Q c (= P'd c : ■ is computation 
on elliptical curve) corresponding to this secret key are 

25 allocated to the key management work station 500. The 
public key Q c of the key management work station 500 is 
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open to all users of this system. 

According to this embodiment, data encryption is 
carried out with the scramble key K s and data decrypting is 
carried out with the descramble key K D . Distribution of 
5 this descramble key K D is carried out by the elliptical 

curve cipher which is a public key cipher. As a common key 
encryption algorithm for operating the scramble key K s , 
descramble key K D , for example, MULT I 2 encryption algorithm 
can be used. The MULT I 2 encryption algorithm (Hitachi, 

10 "MULTI2" , Registration of cryptographic algorithm, 

ISO9979/0009, NCC, UK (1994)) is an encryption algorithm 
which has achieved actual performance in for example, CS 
digital broadcasting (digital broadcasting using 
communication satellite) . 

15 Hereinafter, a case where cryptographic communication 

is carried out from the user U[A] to the user U[B] will be 
described. It is assumed that the user U[A] is 
transmission side user and the user U[B] is reception side 
user. 

20 (1) Upon cryptographic communication from the user U[A] to 
the user U[B], the user U[A] requests the key management 
work station 500 for session key issue. Receiving this 
session key issue request, the network encryption algorithm 
control function 560 of the key management work station 500 

25 retrieves in the network encryption algorithm data base 590 
so as to determine whether or not the encryption algorithm 
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used by the user U[A] is equal to the encryption algorithm 
used by the user U[B] . 

(2) If it is determined that the user U[A] and user U[B] 
use the same encryption algorithm, the network key 

5 management function 570 of the key management work station 
500 retrieves in the network key management data base 580 
with the user ID as a key and fetches out a public key Q Y id 
corresponding to a master key of a reception side user and 
a public key Q ID corresponding to a master key of the 

10 transmission side user. 

Signature producing computation is carried out with 
the secret key d c which is the master key of the key 
management work station 500 to the fetched out public key 
Qyid and public key Qi D so as to create signature data S dc 

15 (Qyid) and signature data Sdc(Qn>) . With this public key Q yiD 
as a session key, the signature data S dc (Qyid) and signature 
data S dc (Qid) are transmitted in combination to the 
transmission side user so as to issue the session key. 

(3) A user receiving the public key Qyid, signature data 
20 Sdc (Qyid) and signature data S dc (QiD) carries out signature 

verifying computation on the signature data S dc (QYiD) and Qyid 
using the public key Q c of the key management work station 
500 so as to confirm that the public key Qyid is a key 
transmitted from a proper key management work station 500 
25 and a key allocated to a proper reception side user 
intended to communicate with. 
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In this manner, the transmission side user receives an 
issue of a public key for use as a session key. 
(4) The transmission side user generates the scramble key 
K s for encrypting data M to be transmitted and the 
5 descramble key K D for decrypting. 

Next, the data M inputted by the user is encrypted 
with the scramble key K s so as to create an encrypted 
statement E Ks (M) . 

Further, the descramble key K D is encrypted with the 
10 transmitted public key Qyid as a session key so as to 
generate an encrypted descramble key E QY id (K D ) . 

To guarantee that the data M to be transmitted has 
been created by the transmission side user, signature 
producing computation is carried out to the data M to be 
15 transmitted with the secret key di D as a master key 
allocated to the transmission side user from the key 
management work station 500 and the signature data S d i D (M) 
is produced. 

In case of public key cipher, the transmitted key Qyid 
20 can be used as an encryption key as it is. 

Five data, that is, two encrypted statements E K s(M) and 
Eqyid(Kd), signature data S d iD(M) about the data M, signature 
data S dc (Qid) about a public key of transmission side user 
transmitted from the key management work station 500, and 
25 public key Qi D of the transmission side user are sent to the 
reception side user. 
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(5) Receiving the five data, the reception side user 
carries out signature verifying computation on the 
signature data S dc (QiD) and Q ID using the public key Qc of 
the key management work station 500, so as to confirm that 
5 the public key Q ID has been transmitted from a proper key 
management work station 500 , thereby ensuring that that key 
is a public key allocated to the transmission side user 
properly. 

Then, the encrypted descramble key E QY i D (K D ) is 
10 decrypted with the secret key d Y i D as a master key which is 
allocated to the reception side user from the key 
management work station 500 so as to obtain the descramble 
key K D . 

Next, the encrypted statement E Ks (M) is decrypted with 
15 this descramble key K D so as to obtain the data M. 

Finally, signature verifying computation is carried 
out on the signature data S d iD (M) and data M with the 
public key Qi D transmitted from the transmission side user 
so as to ensure that the data M is data transmitted from a 
20 proper transmission side user. 

Consequently, in the network communication system, the 
user U[A] is capable of carrying out cryptographic 
communication with the user U[B] . 

On the other hand, if the encryption algorithm control 
25 function determines that the user U[A] and user U[B] don't 
use the same encryption algorithm, it converts the 
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encryption algorithm of the user U[B] for both the users 
U[A] and U[B] to be able to use the same encryption 
algorithm. 

Encryption algorithm conversion in a network 
5 communication system operating the public key encryption 
algorithm will be described with reference to Figs. 11, 13 
and 14. 

(1) Receiving a session key issue request containing the 
user ID of the transmission side user and user ID of the 

10 reception side user from the transmission side user, the 

network encryption algorithm control function 560 retrieves 
in the network encryption algorithm control data base 590 
with a transmitted user ID as a key and grasps a condition 
of the encryption algorithm operated by the transmission 

15 side user and reception side user. As shown in Fig. 11, 
the network communication system employs cryptographic 
communication system based on duplex encryption method. A 
common key encryption algorithm is used for data encryption 
and a public key encryption algorithm is used for operating 

20 the session key. 

Unless two kinds of the encryption algorithms operated 
by the transmission side user and reception side user agree, 
cryptographic communication between the both cannot be 
carried out . 

25 If the two kinds of the encryption algorithms do not 

agree as a result of querying on the network encryption 
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algorithm management data base 590, the encryption 
algorithm EANG operated by the transmission side user is 
fetched out. The fetched encryption algorithm is supplied 
with an identifier for indicating whether it is used for 
5 data encryption or operation of the session key. Of course, 
if each of the two kinds of the encryption algorithms does 
not agree, the two kinds of the encryption algorithms are 
fetched out. 

Assuming that the encryption algorithm operated by the 
10 reception side user is EBF, the encryption algorithm is 

converted from this encryption algorithm EBF to the fetched 
out encryption algorithm EANG. 

(2) The network key management function 570 of the key 
management work station 500, with the user ID as a key, 

15 retrieves in the network key management data base 580 and 
fetches out a public key Q Y i D corresponding to a master key 
of a reception side user for the encryption algorithm EBF 
before the conversion. 

In case where the encryption algorithm is changed to 

20 the encryption algorithm EANG, there is a possibility that 
the master key cannot be used under the encryption 
algorithm EBF before the conversion of the reception side 
user. In this case, the network key management function 
570 determines whether the master key of the reception side 

25 user is compatible for conversion of the encryption 
algorithm and if it is determined that there is no 
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compatibility, a new public key is generated for the 
reception side user. 

As the new master key, the secret key d Y iDc is 
generated and a public key Qyidc corresponding to this 
5 secret key is generated. 

In the key management work station, both the 
encryption algorithm EBF before the conversion and 
encryption algorithm EANG after the conversion are supplied 
with a corresponding master key. 
10 A secret key as a master key corresponding to the 

encryption algorithm EBF before the conversion is d c and a 
public key corresponding to this secret key is Q c . 

It is assumed that the secret key which is a master 
key suitable for the encryption algorithm EANG after 
15 conversion is d cc and a public key corresponding to this 
secret key is Q C g. 

(3) The network key management function 570 creates the 
following encrypted statement and signature data using the 
encryption algorithm EBF prior to the conversion. 
20 1: A scramble key K S b for encrypting the encryption 

algorithm EANG and secret key dymc with the encryption 
algorithm EBF prior to the conversion and a descramble key 
K DB for decrypting are generated. 

2: The encryption algorithm EANG and secret key d Y iDc is 
25 encrypted with the scramble key K SB so as to create the 

encrypted statement EBF K sb (EANG) and encrypted statement 
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EBFrsb (dyiDc)- Further, the descramble key K DB is encrypted 
with the fetched public key Q Y id as a master key so as to 
create the encrypted statement EBFq YID (K db ) . 
3: Signature producing computation is carried out on the 
5 generated secret key D Y i DC and public key Qyidc with the 
encryption algorithm EBF prior to the conversion and the 
secret key d c which is a master key of the key management 
work station 500, so as to create the signature data 
Sdc(dyiDc) and signature data S dc ( Qyidc ) • 

10 4: Signature producing computation is carried out on the 

encryption algorithm EANG with the encryption algorithm EBF 
prior to the conversion and the secret key d c which is a 
master key of the key management work station 500, so as to 
create signature data S dc (EANG). 

15 5: Signature producing computation is carried out on the 
public key Q C g which is a master key of the key management 
work station 500 to be applied to the encryption algorithm 
EANG after the conversion, with the encryption algorithm 
EBF prior to the conversion and the secret key d c which is 

20 a master key of the key management work station 500, so as 
to create signature data S dc (Qcg) • 

(4) The scramble function 530 creates the following 
encrypted statement and signature data using the encryption 
algorithm EANG after the conversion. 
25 1: The plain text data MD is written as "confirmation of 
descramble function after algorithm conversion is 
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terminated" . 

A scramble key K S c for encrypting the plain text data 
MD with the encryption algorithm EANG after the conversion 
and a descramble key K DC for decrypting are generated. Next, 
5 the data MD is encrypted with the scramble key K sc so as to 
create the encrypted statement EANG KS c (MD) and then the 
descramble key K DC is encrypted with the public key Q Y idc to 
be operated as a session key in the encryption algorithm 
after the conversion, so as to create the encrypted 

10 statement EANG QY idc ( K DC ) . 

2: Signature producing computation is carried out on the 
generated public key Qyidc and plain text data MD with the 
secret key d cg allocated as a master key of the key 
management work station 500 with the encryption algorithm 

15 EANG after the conversion, so as to create signature data 
S d cg( Qyidc) and S dcg (MD) . 

(5) The three encrypted statements EBFq Y id(K db ) , EBF KS b ( EANG ) , 
EBFksb ( dyiDc ) produced in the above (3), four signature data 
S d c(d Y iDc), S dc (Q YID c), Sd C (EANG) and S dc (QcG). newly generated 

20 public key Q Y idc # public key Q CG of the key management work 
station 500, the two encrypted statements EANG KS c(MD), 
EANGq Y idc(K dc ) produced in the above (4), and two signature 
data S dcg ( Qyidc) , S dcg (MD) are transmitted to a reception side 
user as "encryption algorithm conversion request". Here, 

25 the encrypted statement and signature data produced in the 
above (3) are information for converting the encryption 
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algorithm of the reception side user and the four encrypted 
statements and signature data produced in the above (4) are 
information for recognizing whether or not the converted 
encryption algorithm functions properly after that 
5 encryption algorithm is converted. 

The network key management function 570 stores the 
generated public key Qyidc which is a master key of the 
reception side user in the network key management data base 
580 with a correspondence to the encryption algorithm EANG. 
10 (6) Conversion of the encryption algorithm of the reception 
side user and updating its master key 

The reception side user operates EBF as the encryption 
algorithm and possesses the secret key d Y iD as its master 
key and the public key Q c of the key management work 
15 station 500 to be operated by the encryption algorithm EBF. 

From the encrypted statement transmitted from the key 
management work station 500. 

1: The encrypted statement EBF QY id (K db ) is decrypted with 
the secret key d Y i D as the master key so as to obtain the 

20 descramble key K DB . Next, the encrypted statement 

EBFksb(EANG) is decrypted with this descramble key K DB so as 
to obtain the encryption algorithm EANG. Signature 
verifying computation is carried out on the signature data 
Sdc(EANG) and the obtained encryption algorithm EANG with 

25 the public key Q c of the key management work station 500 so 
as to ensure that the obtained encryption algorithm EANG 
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has been transmitted from a proper key management work 
station 500. 

2: The encrypted statement EBFrsb (dyiDc) is decrypted using 
the descramble key K DB and then a secret key d YIDC is 
5 obtained as a master key of a given user to be operated on 
the converted encryption algorithm EANG. 

Using the public key Q c of the key management work 
station 500 , signature verifying computation is carried out 
on the signature data S dc (dyi D c) and the obtained secret key 

10 dyioc, so as to determine whether or not the obtained secret 
key d Y iDc has been transmitted from a proper key management 
work station 500. Likewise, signature verifying 
computation is carried out on the signature data S dc (Q Y iDc) 
and the public key Qyidc which is a transmitted master key 

15 using the public key Q c of the key management work station 
500 so as to determine that the obtained public key Qyidc 
has been transmitted from a proper key management work 
station 500. 

3: Signature verifying computation is carried out on the 
20 signature data S dc (QcG) and the public key Q CG to be operated 
on the transmitted encryption algorithm EANG converted of 
the key management work station 500, using the public key 
Qc of the key management work station 500, so as to 
determine whether or not the transmitted public key Q C g is a 
25 public key sent from a proper key management work station 
500. 
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In this manner, the reception side user obtains the 
encryption algorithm EANG, a secret key d Y i D c as a master 
key, a public key Qyidc corresponding to this secret key, 
and a public key Q CG to be operated on the converted 
5 encryption algorithm EANG of the key management work 

station 500. Then, the obtained encryption algorithm EANG 
is registered in the encryption algorithm control data base 
290 and the encryption algorithm to be operated by the 
encryption algorithm control function 220 is converted from 
10 the encryption algorithm EBF to the encryption algorithm 
EANG, 

If the master key of a reception side user is changed, 
the secret key as the master key is updated from d Y n> to 
dyiDc by the key structure control function 210. 

15 (7) Confirmation of the descramble function 240 by the 
converted encryption algorithm of a reception side user 

An encrypted statement transmitted from the key 
management work station 500 is decrypted by the descramble 
function 240 using a converted encryption algorithm so as 

20 to determine whether or not the descramble function 240 
operates properly. 

1: The encrypted statement EANG QYIDC (K dc ) is decrypted 
using the secret key d Y iDc as a master key so as to obtain 
the descramble key K DC . 
25 2: The encrypted statement EANG K sc (MD) is decrypted with 

the descramble key K DC so as to obtain a plain text data MD. 
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Next, signature verifying computation is carried out on the 
signature data S dcg (MD) and the obtained plain text data MD 
using the public key Q C g of the key management work station 
500, so as to determine that the obtained plain text data 
5 MD has been transmitted from a proper key management work 
station 500. 

3: It is confirmed that the plain text data MD is 
"confirmation of the descramble function after algorithm 
conversion is terminated". Then, it is confirmed that the 

10 descramble function 240 operates properly. 

(8) Driving the scramble function by the converted 
encryption algorithm at a reception side user 

To ensure that the scramble function 230 of the 
converted encryption algorithm operates properly, plain 

15 text data is set up, encrypted by the scramble function 230 
and transmitted to the key management work station 500. 
1: The plain text data MS is written as "algorithm 
conversion confirmation test is terminated" . The scramble 
key K su for encrypting the aforementioned plain text data MS 

20 and the descramble key K DU for decrypting are generated with 
the encryption algorithm EANG after the conversion. Next, 
the plain text data MS is encrypted by the scramble key K S u 
so as to create an encrypted statement EANG K su (MS) . 
Likewise, the descramble key K DU is encrypted with the 

25 public key Qcg of the key management work station 500 so as 
to create the encrypted statement EANGqcg(K du ) . Further, 
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signature producing computation is carried out on the data 
MS using the secret key d Y iDc as a master key of a reception 
side user so as to produce the signature data S d yi DC (MS). 
2: Two produced encrypted statements EANG QC g (K du ), 
5 EANGksu(MS), signature data S dY iDc(MS), signature data S dcg 

(Qyidc) transmitted from the key management work station 500, 
and public key Qyidc of a reception side user are returned 
to the key management work station 500 as "encryption 
algorithm conversion confirmation request". 

10 (9) Confirmation of the encryption algorithm conversion at 
the key management work station 500 

An encrypted statement returned from the reception 
side user is decrypted so as to confirm that the scramble 
function 230 using the converted encryption algorithm of 

15 the reception side user operates properly. Then, it is 
confirmed that the encryption algorithm after the 
conversion operates properly. 

1: The encrypted statement EANG QC g(K D u) is decrypted with the 
secret key d cg as a master key of the key management work 

20 station 500 so as to obtain the descramble key K DU . 

2: The encrypted statement EANG ksu (MS) is decrypted with the 
descramble key K DU so as to obtain plain text data MS. 
3: Signature verifying computation is carried out on the 
signature data S dC g( Qyidc) and the transmitted public key Qyidc 

25 of the reception side user using the public key Q cg of the 
key management work station 500, so as to confirm that the 
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transmitted public key Qyidc of the reception side user has 
been transmitted from a proper reception side user. 
4: Signature verifying computation is carried out on the 
signature data S dYIDC (MS) and obtained plain text data MS, 
5 using the public key Qyidc of a reception side user, so as 
to confirm that the obtained plain text data MS has been 
transmitted from a proper reception side user. 
5: It is confirmed that the obtained plain text data MS is 
"algorithm conversion confirmation test is terminated" and 

10 then it is confirmed that the scramble function 230 of the 
reception side user operates properly. Then, it is 
confirmed that the encryption algorithm after the 
conversion operates properly. 

The examples of the algorithm conversion of this 

15 embodiment have been described in the above (l)-(9). By 
this encryption algorithm conversion, it comes that the 
user U[A] and user U[B] share the same encryption algorithm 
Consequently, as shown in Fig. 12, cryptographic 
communication between the user U[A] and user U[B] is 

20 enabled . 

In case when an encryption algorithm is converted, in 
this embodiment, the secret key as a master key possessed 
by user and a public key corresponding to this secret key 
are generated at the key management work station. 
25 Although these keys may be generated newly, it is 

possible to generate them based on the keys prior to the 
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conversion. The generation of the key will be described 
below. 

In case of public key cipher also, the key length of 
the secret key for use in the cryptographic communication, 
5 or bit number is increased or decreased by the encryption 
algorithm conversion like the case of the common key cipher. 

To reduce the bit number of the key, redundant bit 
number of a rear part of the secret key d Y n> as a master key 
prior to the conversion of a reception side user is deleted 
10 and this is used as the secret key d Y iDc as a new master key 
of the reception side user. 

To prolong the bit number of the key, as shown in Fig. 
15, a random number YR is generated corresponding to a 
short bit number and the YR is connected to d PY iD so as to 
15 obtain the secret key d Y i D c (d YIDC = P Y idc II YR) as a new 

master key of a reception side user. A public key Q Y idc (- 
P*d Y i DC ; • is computation on an elliptical curve) is 
determined corresponding to the generated secret key d Y i D c. 
Because there is a possibility that this public key 
20 Q Y idc is a secret key of other user generated previously, 
the key management work station 500 retrieves in the 
network encryption algorithm control data base 590 so as to 
confirm that there is no same public key. If the same 
public key exists, a random number is generated again so as 
25 to generate a secret key as a master key. 

Here, it is always possible to use 0 as YR. 
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As described, the encryption algorithm for operating 
the master key and session key employs an elliptical curve 
encryption algorithm which is different from the common key 
encryption algorithm. As a result, duplex encryption 
5 method is constructed so as to improve the security. 

Next, a configuration of a case where the elliptical 
curve cipher is used as a public key cipher in the network 
communication system of the present invention will be 
described. The software function of the case where the 

10 public key cipher is used is the same as the software 
function of the common key cipher shown in Fig. 2. As 
shown in an example of a case where the aforementioned 
public key encryption algorithm is used, the master key of 
each user is the secret key di D and this secret key 

15 corresponds to a public key Q ID (= d ID *P: • is computation 
on elliptical curve) on computation of an elliptical curve. 
The encryption algorithm of the scramble key and descramble 
key is MULTI2 encryption algorithm as the common key 
encryption algorithm. 

20 A fourth embodiment of the present invention will be 

described. Encryption algorithm conversion in encryption 
function incorporated in a portable information processing 
unit will be described here. 

In the above described first- third embodiments, a 

25 plurality of encryption algorithms exist in network 
communication system as shown in Fig. 1. The key 
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management work station 500 grasps a condition of the 
encryption algorithm of each user and each time when a 
request for cryptographic communication occurs, it converts 
the encryption algorithm of each user as required so as to 
5 achieve the cryptographic communication between users. 

Recently, an encryption function has been incorporated 
in a portable information processing unit, for example, 
portable terminal unit, IC card and the like and it is used 
for automatic payment of electronic money. 

10 In case where user possesses an IC card as information 

processing unit in which an encryption function is 
incorporated and executes automatic payment of electronic 
money, this IC card is inserted into a reader which is an 
information processing unit installed on a retailer counter 

15 or the like, so that the payment is carried out by 
information processing between the both. 

In this case, if the IC card is connected to the key 
management work station to carry out encryption processing, 
a user's procedure becomes complicated so that he or she 

20 feels a lot of inconvenience. 

Hereinafter, an encryption algorithm conversion method 
preferable for encryption algorithm conversion to be 
operated in a portable information processing unit 
(terminal, IC card and the like) will be described. 

25 If cryptographic communication is carried out in an 

cryptographic communication system operated by the public 
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key encryption algorithm shown in Fig. 12, a transmission 
side user makes a "session key issue request" to the key 
management work station 500 as shown in Fig. 2 and receives 
a public key Qyid of a reception side user, signature data 
5 Scic(Qyid) of the public key Y id . its own public key Qm and 
signature data S dc (Q ID ) of that public key Q ID from the key 
management work station 500. 

Here, each user stores its own public key Qi D and 
signature data S d c(Qn>) in the key structure control data 

10 base 180, 280. Fig. 16 shows cryptographic communication 

system operated by the public key encryption algorithm (Fig. 
25 shows the functional blocks of this method) . Each user 
receives its own public key Qi D and signature data S dc (Q ID ) 
of that public key Qi D from the key management work station 

15 500 through a route indicated by dotted line of Fig. 16 and 
possesses it in the key structure control data base of each 
user. In this case, the "session key issue request" for 
executing cryptographic communication may be made to a 
reception side user, but not to the key management work 

20 station 500. 

That is, the "session key issue request" is sent to 
the reception side user and then, a public key Q Y id of that 
reception side user and signature data S dc (QYiD) of this 
public key are received from the reception side user. 

25 In the method shown in Fig. 16, it can be considered 

that the secret key di D as a master key to be allocated to 
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each user is generated by the key management work station 
500 or each user. 

1: Method in which the secret key is generated by the key 
management work station 500 
5 If the secret key d ID as a master key and a 

corresponding public key Qi D are generated by the key 
management work station 500 , user not accustomed to 
operation of the encryption algorithm feels very convenient. 

However, how the generated secret key is distributed 
10 to each user is a problem. 

In this embodiment, it is stored in such an electronic 
medium as an IC card and floppy disk and distributed to 
each user. 

As a result, it is made possible for the key 
15 management work station 500 to hold the generated secret 
key di D and for the key management work station 500 to 
decrypt data encrypted with the public key Qi D corresponding 
to the user. Because the key management work station 500 
prevents grasping of user's information, according to this 
20 embodiment, the generated secret key di D is provided with a 
key recovery function and stored in the network key 
structure data base 580 with a correspondence to user ID, 
thereby disabling user to decrypt a cipher text generated 
by user except when an unexpected event occurs. 
25 Hereinafter, the key recovery function of this 

embodiment will be described by taking cryptographic 
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communication in which the key has duplex hierarchical 
structure as an example. The key recovery function adds 
information about decryption to an encrypted statement 
Eks(M) and is capable of decrypting the encrypted statement 
5 without the descramble key K D . 

First, the key recovery function in cryptographic 
communication based on common key encryption algorithm will 
be described. That is, data to be transmitted by the user 
is assumed to be M. The data is encrypted with the 

10 scramble key K s generated by the portable information 

processing unit so as to generate the encrypted statement 
Eks(M) . The descramble key K D for decrypting this encrypted 
statement is encrypted with the session key P T transmitted 
from the key management work station 500, so as to generate 

15 an encrypted statement E PT (K D ). 

First, a procedure for producing additional data for 
providing with the key recovery function when data is 
encrypted with the scramble key K s will be described with 
reference to Fig. 23. 

20 (1) A random number is generated when the scramble key K s 
is generated and the scramble key is expressed as K s = Kl 
XOR K2 by exclusive OR between Kl and K2 (XOR is indicated 
by direct sum symbol in the Figure). 

(2) PI, P2 are used as a key for key recovery and stored 
25 with the key recovery function of the portable information 
processing unit and key management work station 500. Kl, 
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K2 generated for generating the scramble keys K s are 
encrypted with the keys PI, P2 for key recovery so as to 
produce encrypted statements E p i(Kl), E P2 (K2). This data is 
added to the encrypted statement E K s (M) of data produced 
5 with the scramble key K s . 

Next, a procedure for decrypting the encrypted 
statement with this additional data will be described with 
reference to Fig. 24. 

(1) Data E p i (Kl), E p2 (K2) added from the encrypted 

10 statement are separated from each other and then Kl, K2 are 
decrypted with the keys PI, P2 for key recovery. 

(2) An exclusive OR between Kl and K2 is obtained and with 
K s = Kl XOR K2, the scramble key K s is generated. In case 
of common key cipher, the scramble key K s and descramble 

15 key K D are the same. The encrypted statement can be 

decrypted with this scramble key K s . 

If a necessity of decrypting the encrypted statement 

occurs because an unexpected event is generated, the 

encrypted statement is transmitted to the key management 
20 work station 500. Consequently, the encrypted statement 

can be decrypted with the keys PI, P2 for key recovery in 

the aforementioned procedure. 

Next, the key recovery function in the cryptographic 

communication based on the public key encryption algorithm 
25 will be described. It is assumed that the scramble keys 

for use in encryption of the data M are K s and the 
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descramble keys are K D and the public key as a session key 
for distributing the descramble key is Qyid- Cryptographic 
communication is carried out by transmission of the 
encrypted statement E K s (M) and encrypted descramble key 
5 Eqyid (K D ) . 

Here, a case where elliptical curve cipher is used as 
a public key cipher will be described. The elliptical 
curve cipher has been described in for example, "Quick 
Encryption Method Using Elliptical Curve" by Kazuo Takaragi 
10 and Hiroyuki Kurumatani, Technical Report of IEICE ISEC97- 
15(1997-07) . 

First, key recovery function in which a threshold 
value logic is added to encrypted descramble key E QY id(K d ) 
will be described. 
15 ( 1 ) In the key recovery function of the key management work 
station 500, the public keys for key recovery Q A , Qt>, Qc are 
allocated and publicized and secret keys d A , d B , d c (Q A = 
<1a'P* Q b =d B # P, Qc= dc'P) corresponding to the public keys 
are stored. 

20 A threshold value logic computed by the keys Qyid , Q A , Qb. Qc 
is added to the encrypted descramble key E QyiD (K D ). 
(2) Like the case where the common key cipher is used, upon 
cryptographic communication, data cannot be encrypted with 
the scramble key K s until the descramble key K D is encrypted. 

25 The encrypted statement E K s(M) of data and the encrypted 
descramble key E Qy i D (K D ) are always generated in pair. 
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(3) If a necessity of decrypting an encrypted statement 
occurs because an unexpected event is generated, the 
encrypted statements E K s(M) and E QY id(K d ) of a pair are 
transmitted to the key management work station 500. 
5 The key recovery function decrypts with two of the 

secret keys d A , d B , dc and the threshold value logic added 
to the Eqyid(Kd) to obtain the descramble key K D . 

Next, the encrypted statement E K s(M) is decrypted with 
this key K D so as to obtain data M. 

10 An encrypted statement of data M to be transmitted is 

created by encryption computation with the scramble key K s . 
Thus, like the key recovery function using the common key 
cipher (see Fig. 23 for encryption and Fig. 24 for 
decryption) , it is permissible to express the scramble key 

15 K s by exclusive OR between Kl and K2 and carry out key 
recovery using them. Although the keys PI, P2 for key 
recovery shown in Figs. 23 , 24 can be operated with the 
common key encryption algorithm, they can be also operated 
for key recovery with the public keys Q A , Q B . 

20 In this case, data to be added to the encrypted 

statement E K s (M) for key recovery are encrypted statements 
E QA (K1), E qb (K2) obtained by encrypting Kl, K2 with public 
keys Q A , Qb. The key recovery is carried out by decrypting 
the added data using the secret keys d A , d B corresponding to 

25 the public keys Q A , Qb in the key recovery function of the 
key management work station 500. 
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2: Method for generation by each user 

A user accustomed to operation of the encryption 
algorithm is capable of generating the secret key d ID as a 
master key for use by himself or herself and corresponding 
5 public key Qi D . 

In this case, because the secret key di D as a master 
key to be possessed by user is possessed only by the user, 
there is no possibility that an encrypted statement 
produced by the public key Qi D may be decrypted at the key 
10 management work station 500. 

The user transmits the public key Q ID generated 
corresponding to the secret key dm to the key management 
work station 500. 

The key management work station 500 recognizes an 
15 identity of a user transmitting the public key Q ID , carries 
out signature producing computation on the transmitted 
public key Q ID with the secret key d c possessed by the key 
management work station 500 and transmits the signature 
data S dc (Qid) to that user. 
20 According to this embodiment , like the case indicated 

by 1:, the secret key d ID as a master key possessed by user 
is provided with key recovery function and stored in the 
network key structure data base 580 with a correspondence 
to user ID. 

25 Which the secret key dn> as a master key possessed by 

each user and a corresponding public key Q ID are to be 
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generated by the key management work station 500 or user is 
selected depending on user condition. 

If the above method is applied, cryptographic 
communication can be achieved between the IC card (as a 
5 reception side user) and a reader (as a transmission side 
user) which is an information processing unit installed on 
a retailer counter or the like not through the key 
management work station 500, with the IC card inserted in 
the reader. 

10 If the encryption algorithms are different between the 

IC card and reader which is the information processing unit, 
when user inserts the IC card into the reader, 
cryptographic communication or payment cannot be achieved 
until the encryption algorithm of the both are made equal. 

15 In this case, a necessity of converting the encryption 

algorithm occurs. If this encryption algorithm conversion 
is possible in the condition that the IC card is inserted 
in the reader which is the information processing unit 
installed on a retailer counter, user's procedure is 

20 simplified, thereby ensuring a lot of convenience. 

Such encryption algorithm conversion will be described 
with reference to Figs. 17 and 18. 

In case of elliptical curve cipher, the encryption 
algorithm is determined by coefficients a and b of the 

25 elliptical curve Y 2 = X 3 + ax + b, characteristic p of 

coefficient, base point P and its order n. This encryption 
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algorithm may be kept secret or public. 

The public key Q and secret key d of an elliptical 
curve cipher are expressed as Q = d* P (• is computation on 
an elliptical curve) by the base point P. 
5 Even if the coefficients a and b of the elliptical 

curve y 2 = x 3 + ax + b are equal, it is possible to provide 
different encryption algorithms having the same encryption 
intensity by changing the base point P. If the 
coefficients a, b and characteristic p of the coefficient 

10 are changed, the elliptical curve is changed, so that a 
different encryption algorithm is settled. 

If the elliptical curve is generated so as to have 
almost equal key length before and after the coefficients a, 
b and characteristic p of the coefficient are changed, a 

15 plurality of almost the same encryption algorithms having 
different encryption intensity can be provided. 

In case where the coefficients a, b and characteristic 
p of the coefficient are changed, the encryption intensity 
or key length can be changed depending on a generation 

20 method of the elliptical curve. 

Hereinafter, a case assuming that the encryption 
algorithm used by the IC card is EBF and the encryption 
algorithm used by a reader as an information processing 
unit is EANG and the key length of the EANG is longer than 

25 that of the EBF will be described about other example of 
the encryption algorithm conversion. 
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Here, cryptographic communication system to which the 
encryption algorithm conversion is applied will be 
described with reference to Fig. 21. This cryptographic 
communication system employs a hierarchical structure 
5 having a simplex cipher key. That is, this system does not 
employ the scramble key and descramble key of the 
cryptographic communication system shown in Fig. 16. 

First of all, data base about the key and encryption 
algorithm possessed by the transmission side user, 

10 reception side user and network management work station 
will be described with reference to the software function 
of the network communication system shown in Fig. 3. In 
this embodiment, the transmission side user corresponds to 
a reader as the information processing unit and the 

15 reception side user corresponds to a portable information 
processing unit such as an IC card. 

With reference to Fig. 19, examples of information to 
be stored in the data base about the key and encryption 
algorithm will be described. 

20 (1) Data base of the key management work station 500 

1: Network encryption algorithm management data base 590 

The data base stores encryption algorithms A[l], A[2], 
• • • A[N] of all the elliptical curves for use by this 
network communication system, version numbers B[l], B[2], 

25 ••• B[N] corresponding to the encryption algorithms, secret 
keys d c [l], d c [2], ••• d c [N] as a master key for use by the 
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key management work station 500 corresponding to the 
encryption algorithms, and public keys Q c [l]/ Qcf2] , ••• 
Qc[N] corresponding to the secret keys. 

In the encryption algorithm EBF of this embodiment, 
5 the version number BF , the secret key d c as the master key 
and the public key Q c corresponding to this secret key are 
stored corresponding to the encryption algorithm EBF. 
Likewise, in the encryption algorithm EANG of this 
embodiment, the version number BG, the secret key d cg as the 
10 master key and the public key Q cg corresponding to this 
secret key are stored corresponding to the encryption 
algorithm EANG. 

2: Network key management data base 580 

The network key management data base 580 stores user 

15 ID of user of an IC card or a reader which is an 

information processing unit, ID[1], ID[2], ■•• ID[M], 
version numbers of the encryption algorithm for use by this 
user, BP [1], BP[2], ••• BP[M] , and the public keys for use 
by the user with this encryption algorithm, Qi D [l], Qid[2], 

20 Qi D [M] corresponding to the user ID. 

The secret keys di D [l], di D [2], di D [M] as the master 

key for use by each user corresponding to the encryption 
algorithm are supplied with the key recovery function and 
stored corresponding to each user ID. 

25 (2) Data base of the transmission side user 100 (reader 
which is an information processing unit) 
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1: encryption algorithm data base 190 

(i) As information of the encryption algorithm operated by 
the user, the encryption algorithm data base 190 stores 
encryption algorithm EANG, version number BG, public key Q cg 

5 for use by the key management work station 500 under this 
encryption algorithm and signature data S dcg (EANG) of the 
key management work station 500 corresponding to the 
encryption algorithm EANG. 

Here, the signature data S dcg (EANG) is obtained by 
10 carrying out signature producing computation on the 

encryption algorithm EANG with the secret key d cg as the 
master key for use by the key management work station 500 
under the encryption algorithm EANG. 

(ii) As information about the encryption algorithm operated 
15 by the network communication system, the encryption 

algorithms A[l], A[2] # ••• A[N] , corresponding version 
numbers B[l] f B[2], ••• B[N], the public keys for use by 
the key management work station 500, Q c [l], Qc[2], ••• Q C [N], 
and signature data of the key management work station 
20 corresponding to the public key Q cg , S dc [l](Q cg ), S dc [2](Q cg ), 
•■' S dc [N](Q cg ) are stored corresponding to the encryption 
algorithms . 

Here, the signature data S dc [i](Q cg ) is obtained by 
carrying out signature producing computation on the public 
25 key Q cg with the secret key d c [i] as the master key for use 
by the key management work station 500 under the encryption 
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algorithm A[i] . 

Specifically in the encryption algorithm EBF of this 
embodiment, the version number BF, public key Q c and 
signature data S dc (Q cg ) are stored corresponding to the 
5 encryption algorithm EBF. 

Here, the signature data S dc (Qcg) is obtained by 
carrying out signature producing computation on the public 
key Qcg with the secret key d c as the master key for use by 
the key management work station 500 under the encryption 

10 algorithm EBF. 

2: Key structure management data base 180 

The key structure management data base 180 stores the 
encryption algorithm to be operated by user, namely in this 
embodiment, the secret key dn> as the master key for use by 

15 the user under the encryption algorithm EANG, public key Qi D 
corresponding to this secret key and signature data S dcg (QiD) 
obtained by carrying out signature producing computation on 
the public key Qi D with the secret key d cg as the master key 
for use by the key management work station 500 under the 

20 encryption algorithm EANG . 

(3) Reception side user (IC card) 200 data base 
1: encryption algorithm data base 290 

As information about the encryption algorithm operated 
by the user, the encryption algorithm EBF, version number 

25 BF, public key Q c for use by the key management work 

station 500 under this encryption algorithm and signature 
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data Sdc(EBF) of the key management work station 500 
relative to the encryption algorithm EBF are stored. 

Here, the signature data S dc (EBF) is obtained by 
carrying out signature producing computation on the 
5 encryption algorithm EBF with the secret key d c as the 

master key for use by the key management work station 500 

under the encryption algorithm EBF. 

2: Key structure management data base 280 

The key structure management data base 280 stores the 

10 encryption algorithm to be operated by user, namely in this 
embodiment, the secret key dym as the master key for use by 
the user under the encryption algorithm EBF, public key Q Y i D 
corresponding to this secret key and signature data S dc (Q Y i D ) 
obtained by carrying out signature producing computation on 

15 the public key Qyid with the secret key d c as the master key 
for use by the key management work station 500 under the 
encryption algorithm EBF. 

Above, the data base about the key and encryption 
algorithm which are a presumption for the encryption 

20 algorithm conversion has been described. 

A public key for use by the key management work 
station 500, signature data produced with the secret key as 
a master key for use by the key management work station 500, 
an encryption algorithm and a version number corresponding 

25 thereto are stored in the transmission side user and 
reception side user data bases. 
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These data are distributed by the key management work 
station 500. 

Next, an example of encryption algorithm conversion to 
be carried out between a transmission side user (reader 
5 which is an information processing unit) and a reception 
side user (IC card) will be described with reference to 
Figs. 17 and 18. 

Although for encryption algorithm conversion, the 
elliptical curve encryption algorithm may be sent in open 
10 state, according to this embodiment, it is sent in 
encryption state. 

Here, assuming that as described previously, the key 
length of the BANG is longer than that of the EBF, a case 
where the encryption algorithm EBF of an IC card is 
15 converted to the encryption algorithm EANG will be 
described. 

1: User possessing an IC card purchases at a shop or the 
like and inserts the IC card into a reader as the 
information processing unit to pay for purchased goods. 

20 The cryptographic communication control function of 

the reader as the information processing unit adds a 
version number BG to the operating encryption algorithm 
EANG and sends a "session key issue request" to 
cryptographic communication control function 250 of the IC 

25 card. 

2: If the version number of the encryption algorithm 
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operated by the IC card agrees with the BG, the IC card 
issues the public key possessed by himself and the 
signature data of the public key and carries out 
cryptographic communication with the reader as the 
5 information processing unit according to a procedure shown 
in Fig. 21. 

However, the version number of the encryption 
algorithm EBF operated by the IC card is BF , which is 
different from the transmitted version number BG. 

10 After recognizing that the version number is different, 

the cryptographic communication control function 250 adds 
BF to this version number and sends an "encryption 
algorithm updating request" to the cryptographic 
communication control function 150 of a reader which is an 

15 information processing unit. 

3: Under the version number BF f the reader as the 
information processing unit retrieves in the encryption 
algorithm data base 190 and fetches out the public key Q cg 
of the key management work station 500 operated with the 

20 encryption algorithm EANG and signature data S dc (Q cg ) 

obtained by carrying out signature producing computation on 
the public key Q cg with the secret key d c as a master key 
for use by the key management work station 500 under the 
encryption algorithm EBF and transmits this public key Q cg 

25 and the signature data S dc (Q cg ) to the IC card. 

4: The IC card carries out signature verifying computation 
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on the transmitted public key Q cg and signature data S dc 
(Qcg) using the public key Q c of the key management work 
station 500 operated under the encryption algorithm EBF , so 
as to verify that the public key Q cg has been transmitted 
5 from the reader as a proper information processing unit. 
5: Next # the IC card carries out signature producing 
computation on the public key Q Y id with the public key Q YID 
of an IC card operated under the encryption algorithm EBF 
from the key structure management data base 280 and the 

10 secret key d c as a master key for use by the key management 
work station 500 under the encryption algorithm EBF and 
fetches out the signature data S dc (QYiD) distributed from the 
management work station 500, and then transmits this public 
key Qyid and signature data Scic(Qyid) to the reader as an 

15 information processing unit. 

6: The reader as the information processing unit carries 
out signature verifying computation on the received public 
key Qyid and signature data S dc (QYiD) using the public key Q c 
of the key management work station 500 operated under the 

20 encryption algorithm EBF, so as to verify that the public 
key Qyid has been transmitted from a proper IC card. 
7: The reader as the information processing unit encrypts 
the encryption algorithm EANG with the public key Qyid by 
operating the encryption algorithm EBF so as to create the 

25 encrypted statement EBF QY id (EANG) . 

At the same time, signature producing computation is 
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carried out on the encryption algorithm EANG with the 
secret key d cg as a master key for use by the key management 
work station 500 under the encryption algorithm EANG. Then, 
the signature data S dcg (EANG) distributed from the 
5 management work station 500 is fetched out and the 
encrypted statement EBFqyid ( EANG ) and signature data 
Sdcg(EANG) are transmitted to the IC card. 

8: The IC card decrypts the transmitted encrypted statement 
EBFqyid (EANG) using the secret key d YID possessed by the IC 

10 card operated under the encryption algorithm EBF so as to 
obtain the encryption algorithm EANG. 

Next, the IC card converts the operating encryption 
algorithm from EBF to the obtained EANG, and carries out 
signature verifying computation on the obtained encryption 

15 algorithm EANG and received signature data S dcg (EANG) using 
the public key Q cg of the key management work station 500 
obtained in 4: so as to verify that this is an encryption 
algorithm distributed from a reader as a proper information 
processing unit. As a result, updating of the encryption 

20 algorithm to this EANG is completed. 

9: Because the key length of the encryption algorithm EANG 
is longer than the encryption algorithm EBF, the secret key 
dyio as the master key of the IC card is used as a secret 
key of the encryption algorithm EANG as it is and a 

25 corresponding public key Q YIDC (= P'dyio;. is computation on 
an elliptical curve) is generated from the base point P of 
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the received encryption algorithm EANG. 

The IC card returns the encryption algorithm to EBF 
temporarily and carries out signature producing computation 
on the public key Q YIDC using the secret key d Y i D under the 
5 encryption algorithm EBF so as to produce signature data 

SdYID (QYIDC) • 

The IC card transmits the generated public key Qyidc 
and signature data S d YiD (Qyidc) to the reader as an 
information processing unit. 

10 10: The reader as the information processing unit converts 
the encryption algorithm to EBF temporarily and carries out 
signature verifying computation on the received signature 
data S d YiD (Qyidc) and public key Qyidc using the public key Q Y i D 
obtained in 6:, so as to verify that it is a public key 

15 Qyidc of an IC card distributed from a proper IC card. 

After that, the encryption algorithm is converted to 
the encryption algorithm EANG again. 

11: The reader as the information processing unit carries 
out signature producing computation on the public key Q ID 

20 with the public key Qi D for use by the reader as the 

information processing unit operated under the encryption 
algorithm EANG sent from the key structure management data 
base 180 and the secret key d cg as a master key for use by 
the key management work station 500 under the encryption 

25 algorithm EANG. Then, the signature data S dcg (QiD) 

distributed from the management work station 500 is fetched 
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out and this public key Q ID and the signature data S dC g(QiD) 
are transmitted to the IC card. 

12: The IC card carries out signature verifying computation 
on the received signature data S dcg (QiD) and public key Qi D 
5 using the public key Q cg of the key management work station 
500 obtained in 4: under the encryption algorithm EANG, so 
as to verify that it is a public key Q 1D for the reader as 
an information processing unit, transmitted from the reader 
as a proper information processing unit. 

10 13: Consequently, the IC card and the reader as the 

information processing unit share the encryption algorithm 
EANG and verifies the validities of the public keys (public 
key Qi D of a reader as the information processing unit and 
public key Qyidc of the IC card) . By carrying out data 

15 encryption with this public key, cryptographic 

communication, signature producing computation and 
signature verifying computation can be executed between the 
IC card and the reader as the information processing unit, 
thereby enabling payment. 

20 The key management work station 500 does not do 

anything in the above described procedure . 

However, because the IC card has no signature data of 
the key management work station 500 regarding the converted 
public key Qyidc, it cannot be used just as it is, but after 

25 the payment is settled, the encryption algorithm needs to 
be returned from EANG to EBF. 
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Next, an example for obtaining signature data of the 
key management work station by the public key Qyidc 
converted by the IC card will be described with reference 
to Fig. 18. 

5 1: The signature data S dY i D (Qyidc) produced with the secret 
key dyi D under the encryption algorithm EBF for the public 
key Qyidc of an IC card operated by the encryption algorithm 
EANG whose validity is verified, is transmitted from the IC 
card to the reader as the information processing unit. 

10 This signature data S dY iD (Qyidc). public key Qyidc. 

public key Qyid of an IC card operated with the encryption 
algorithm EBF , version number BF of the encryption 
algorithm EBF, version number BG of the encryption 
algorithm EANG, and user ID of the IC card are transmitted 

15 to the key management work station 500. 

2: With the user ID of the it card as a key, the key 
management work station 500 retrieves in the network key 
management data base 580 and verifies that the public key 
Qyid of a received IC card exists. 

20 Signature verifying computation is carried out on the 

signature data S d YiD (Qyidc) and public key Qyidc using the 
public key Qyid of the IC card so as to verify that it is a 
public key Qyidc of a proper IC card. 

In the above procedure, it is verified that the public 

25 key Qyidc is a public key of the IC card. 

3: Signature producing computation is carried out on this 
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public key Qyidc using the secret key d cg of the key 
management work station 500 operated with the encryption 
algorithm EANG so as to create signature data S dC g( Qyidc) and 
it is returned to the reader as the information processing 
5 unit. 

The key management work station 500 updates a version 
number of the encryption algorithm stored corresponding to 
the user ID of the IC card in the network key management 
data base 580 and the public key to BG and Qyidc 

10 respectively. 

4: The reader as the information processing unit transmits 
this signature data S dC g( Qyidc) to the IC card. 

In the above processing, the IC card is capable of 
obtaining the signature data S dC g( Qyidc) of the key 

15 management work station 500 for the public key Qyidc- 

In the above described embodiment, the key management 
work station 500 verifies an existence of the public key 
Qyid before the conversion and signature data of the public 
key Qyidc after the conversion thereby preventing an access 

20 of a false IC card. 

The IC card possesses the public key Qyidc operated 
under the encryption algorithm EANG and signature data 
S dC g( Qyidc) of the key management work station 500 and is 
capable of operating the encryption algorithm EANG. 

25 The key management work station only has to carry out 

signature production and signature verifying computation on 
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a public key generated with respect to the converted 

encryption algorithm. Thus, with the IC card inserted into 

the reader as the information processing unit, encryption 

algorithm conversion can be carried out. 
5 In this encryption algorithm conversion, user (IC card 

in this case) generates its own secret key and public key 

for a new encryption algorithm. 

In this embodiment, it is specified that the secret 

keys possessed by the user are the same for the encryption 
10 algorithm before the conversion and encryption algorithm 

after the conversion. 

Such a secret key setting method is effective when the 

key lengths of the encryption algorithms mixing in a system 

vary and it cannot be specified which key length encryption 
15 algorithm the user is using. 

It can be considered that conversion of encrypting 

algorithm is carried out to one which has a longer key 

which any user does not use. 

In this case, if the key length of a secret key used 
20 by each user is the same as before the conversion, the key 

length used by every user is not increased although a key 

length permitted by the encryption algorithm is extended. 

In this case, a cipher attacker can attack with a range of 

the key length to be attacked limited to an original key 
25 length. That is, it does not come that substantially the 

encryption intensity is increased, even if the allowable 
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key length is prolonged. 

To avoid this event, a method in which the key length 
is prolonged as shown in Fig. 15 can be considered 
effective. 

5 In this case, even if every user increases the key 

length based on a random number, key management is made 
easier because the same key length does not exist. 

An attention has to be paid to only a user newly 
participating in the system so that the same key may not 
10 exist. 

The method for user to generate his or her own secret 
key and public key for a new encryption algorithm is 
applicable to ordinary encryption algorithm conversion 
described in Figs. 13, 14 and 11. If user generates his or 

15 her own secret key, a possibility that the secret key may 
be decrypted by the key management work station can be 
avoided. Hereinafter, an example for generating his or her 
own secret key with respect to the encryption algorithm 
conversion will be described with reference to Fig. 20. 

20 Although in the encryption algorithm conversion of 

this case, it is necessary to verify the scramble function 
and descramble function, this is the same method as 
described in Figs. 13, 14 and 11 and only an encryption 
algorithm distribution method and a generation method for a 

25 secret key to be possessed by user himself will be stated 
here . 
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An operating condition of the public key encryption 
method mentioned here employs the cryptographic 
communication method shown in Fig. 16 and Fig. 20 shows an 
example of the encryption algorithm conversion in this 
5 cryptographic communication method. 

In this Figure, it is assumed that the encryption 
algorithm operated by the reception side user is EBF and 
the encryption algorithm to be converted is EANG. 

As described in Figs. 13, 14 and 11, it is assumed 
10 that a secret key as a master key to be operated by the key 
management work station relative to the encryption 
algorithm EBF is dc and a public key corresponding to this 
secret key is Q c . 

Likewise, it is assumed that the secret key as a 
15 master key for the key management work station to operate 
the encryption algorithm EANG is d cg and the public key 
corresponding to this secret key is Q cg . 

On the other hand, it is assumed that the secret key 
as a master key to be operated by the reception side user 
20 for the encryption algorithm EBF is d Y i D and the public key 
corresponding to this secret key is Qyid- 

The above described presumption is the same as shown 
in Figs. 13, 14 and 11 and an embodiment of the encryption 
algorithm conversion will be described. 
25 (1) The network key management function 570 of the key 

management work station 500 creates the following encrypted 
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statement and signature data using the encryption algorithm 
EBF before the conversion. 

1: A scramble key K SB for encrypting the encryption 
algorithm EANG and a descramble key K DB for decrypting are 
5 generated with the encryption algorithm EBF before the 
conversion. 

2: The encryption algorithm EANG is encrypted with the 
scramble key k S B so as to create an encrypted statement 
EBFksb(EANG) . 

10 Further, the public key Q Y id as the master key of the 

reception side user is fetched out and the descramble key 
K DB is encrypted so as to create an encrypted statement 
EBFqyid(Kdb) • 

3: Signature producing computation is carried out on the 
15 encryption algorithm EANG with the encryption algorithm EBF 
before the conversion and the secret key d c which is a 
master key of the key management work station 500 so as to 
create signature data S dc (EANG). 

4 : Signature producing computation is carried out on the 
20 encryption algorithm EBF before the conversion and the 

public key Q cg as a master key of the key management work 
station 500 which is applied to the encryption algorithm 
EANG after the conversion with the secret key dc as the 
master key of the key management work station 500 so as to 
25 create signature data S dc (Qcg)* 

5: Two produced encrypted statements EBF QYID (K DB ), 
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EBFksb(EANG) , two signature data S dc (EANG), S dc (QcG) and the 
public key Q cg of the key management work station 500 are 
transmitted to the IC card (the reception side user) via an 
IC card reader (not shown in Fig. 20). 

5 

(2) Reception side user's obtaining the encryption 
algorithm 

The reception side user operates EBF as an encryption 
algorithm and possesses the secret key d YID as a master key 

10 and a public key Q c of the key management work station 500 
operated by the encryption algorithm EBF. 
1: An encrypted statement EBF QYID (K DB ) is decrypted using 
the secret key d Y i D as a master key so as to obtain the 
descramble key K DB . Next, the encrypted statement 

15 EBFksb(EANG) is decrypted using this descramble key K DB so as 
to obtain the encryption algorithm EANG . Signature 
verifying computation is carried out on the signature data 
S dc (EANG) and obtained encryption algorithm EANG using the 
public key Q c of the key management work station 500 under 

20 the encryption algorithm EBF and it is verified whether or 
not the obtained encryption algorithm EANG has been 
transmitted from the proper key management work station 500. 
2: Under the encryption algorithm EBF, signature verifying 
computation is carried out on the signature data S dc (Q cg ) 

25 and the public key Q cg to be operated on the received 

encryption algorithm EANG converted by the key management 
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work station 500 using the public key Q c of the key 
management work station 500 so as to verify that the 
transmitted public key is a public key of a proper key 
management work station 500. 
5 In the above manner, the reception side user has 

obtained the encryption algorithm EANG and public key Q cg to 
be operated on the encryption algorithm EANG of the key 
management work station 500. Then, the obtained encryption 
algorithm EANG is registered in the encryption algorithm 
10 management data base 290, and the encryption algorithm EANG 
as well as EBF is made operable by the encryption algorithm 
management function. 

(3) Conversion of the key possessed by the reception side 
user 

15 1: With respect to the encryption algorithm EANG 

transmitted from the key management work station 500, the 
reception side user generates a new secret key d Y iDc as a 
master key which he owns himself. 

The following three methods can be mentioned as a 

20 method for generating the secret key. 

(a) Using the secret key d Y n> operated with the encryption 
algorithm EBF as a secret key of the encryption algorithm 
EANG 

(b) Generating a new secret key d Y iDc by adding a random 
25 number to the secret key d YID operated with the encryption 

algorithm EBF as shown in Fig. 15. 
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(c) Generating a new secret key d Y iDc according to 
information of the encryption algorithm EANG. 

The secret key d Y iDc to be possessed by the reception 
side user himself or herself is generated by any of these 
5 methods so as to generate the public key Qyidc corresponding 
to this secret key. 

Because the above method (c) has a possibility that 
the generated secret key may agree with a key of other user 
as described previously, it is necessary for the key 

10 management work station 500 to verify that there is no 
public key which the other user uses . 

In case when an encryption algorithm EANG to be 
converted is an elliptical curve cipher, with the base 
point of this algorithm as P, the public key Qyidc is given 

15 as P*d Y iDc (• is computation on elliptical curve). 

2: The reception side user returns the encryption algorithm 
to EBF temporarily and carries out signature producing 
computation on the public key Qyidc using the secret key d Y iD 
under this encryption algorithm EBF so as to create 

20 signature data S d YiD( (Qyidc) . The generated public key Qyidc, 
signature data S dY iD (Qyidc) and the reception side user's ID 
are transmitted to the key management work station 500 via 
the IC card reader (not shown in Fig. 20). 
3: The key management work station 500 returns the 

25 encryption algorithm to EBF and queries the network key 

management data base 580 with the transmitted user ID as a 
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key so as to fetch out the public key Qyid of a given 
reception side user. Next, signature verifying computation 
is carried out on the transmitted public key Qyidc and 
signature data S dYID (Qyidc) using the public key Qyid of this 
5 reception side user so as to verify that this is a public 
key Qyidc transmitted from a proper reception side user. 

Because the key management work station 500queries the 
network key management data base 580 and recognizes the 
public key Qyid of the reception side user, it is possible 
10 to prevent a false reception side user from accessing this 
system. 

In the above manner, the key management work station 
500 obtains the public key Qyidc operated by the reception 
side user under the converted encryption algorithm EANG . 

15 After that, the key management work station 500 needs a 
series of procedure related to the encryption algorithm 
conversion, such as carrying out signature producing 
computation on the public key Qyidc operated by the 
reception side user by using the secret key d cg as a master 

20 key operated under the encryption algorithm EANG, creating 
signature data S dcg ( Qyidc)/ sending it to the reception side 
user, verifying the scramble function and descramble 
function. These are achieved by carrying out the procedure 
for the encryption algorithm conversion described in Figs. 

25 13, 14 and 11. 

An example for user to generate his own key himself or 
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herself for a new encryption algorithm has been described. 
Finally, (1) conversion from a common key encryption 
algorithm to other public key encryption algorithm and (2) 
conversion from the public key encryption algorithm to 
5 other common key encryption algorithm will be described 
below. 

(1) Conversion from a common key encryption algorithm to 
other public key encryption algorithm 

The embodiment of the encryption algorithm conversion 
10 from the common key encryption algorithm to other common 
key encryption algorithm has been described with reference 
to Figs. 8, 9 and 6. 

In this case, it is assumed that the encryption 
algorithm before the conversion is EBF and the encryption 
15 algorithm after the conversion is EANG. 

A case where the encryption algorithm will be 
converted from the common key encryption algorithm to other 
public key encryption algorithm will be described assuming 
that the common key encryption algorithm before the 
20 conversion is EBF and the public key encryption algorithm 
after the conversion is EANG to use the same symbols. 

The public key encryption algorithm EANG after the 
conversion can be encrypted with the common key encryption 
algorithm EBF before the conversion according to the 
25 embodiment shown in Figs. 8, 9 and 6 and distributed. 

In case where the common key encryption algorithm is 
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converted to the public key encryption algorithm, it is 
necessary to generate a new secret key and public key and 
verify the scramble function and descramble function for a 
converted public key encryption algorithm. This series of 
5 key generation and functional verification can be carried 
out according to the embodiment of the public key 
encryption algorithm conversion shown in Figs. 13, 14 and 
11. 

(2) Conversion from the public key encryption algorithm to 
10 other common key encryption algorithm 

The common key encryption algorithm is different from 
the public key encryption algorithm in that no signature 
producing computation or signature verifying computation is 
carried out . 

15 Therefore, in case where the public key encryption 

algorithm is converted to other common key encryption 
algorithm, the encryption algorithm conversion can be 
carried out in a procedure excluding the signature 
producing and verifying computations in .the embodiment of 

20 the public key encryption algorithm conversion shown in 
Figs. 13, 14 and 11. 

The embodiment of the encryption algorithm conversion 
has been described above. 

Whether or not the encryption algorithm conversion has 

25 been carried out properly in the embodiment of the 

encryption algorithm conversion shown in Fig. 5, embodiment 
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of the common key encryption algorithm conversion shown in 
Figs. 8, 9 and 6 and embodiment of the public key 
encryption algorithm conversion shown in Figs, 13, 14 and 
11, is verified by operating the scramble function and 
5 descramble function of cryptographic communication system, 
encrypting plain text data MD "confirmation of descramble 
function after the algorithm conversion is terminated" and 
plain text data MS "algorithm conversion confirmation test 
is terminated", transmitting the data and verifying whether 

10 or not the data are successfully decrypted. 

If a given plain text data MD or plain text data MS is 
not decrypted in each process for confirmation of this 
encryption algorithm conversion, a response message to 
"encryption algorithm conversion operation error" is 

15 transmitted and that given process is executed again. 

In a process for exchange of encryption algorithm 
conversion data in the embodiment of the public key 
encryption algorithm conversion shown in Figs. 17, 18, 13, 
14 and 11, signature verifying computation is carried out 

20 on signature production data created under the public key 
encryption algorithm. If an error occurs in the signature 
production data as a result of this signature verifying 
computation, a response message "encryption algorithm 
conversion operation error" is transmitted and that given 

25 process is executed again. 

If the plain text data MD or plain text data MS is not 
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decrypted after that reexecution or an error occurs in the 
signature production data as a result of the signature 
verifying computation, a response message "encryption 
algorithm conversion abnormal termination" is transmitted 
5 and then the encryption algorithm conversion process is 
interrupted. 

If such a response "encryption algorithm conversion 
abnormal termination" occurs, cryptographic communication 
system components are inspected in viewpoints of hardware 

10 and software. 

Although Figs. 13, 14 and 11 show the embodiments of 
the public key encryption algorithm conversion, if the 
encryption algorithm conversion is not carried out or if 
the encryption algorithm is the same and therefore, not 

15 distributed, the key management station sends a procedure 
for distributing a key for use by user for key updating, 
deletion and the like. Although in the embodiment of the 
public key encryption algorithm conversion shown in Figs. 
17 and 18, the process for encryption algorithm conversion 

20 confirmation by the plain text data MD and MS has not been 
described, the encryption algorithm conversion confirmation 
can be carried out by encrypting the plain text data MD and 
MS with the public key based on the encryption algorithm 
and sending them according to the embodiment shown in Figs. 

25 13, 14 and 11. 

According to the present invention, the encryption 
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algorithm can be distributed with the safety and further, 
converted in a condition that time and labor required for 
the distribution are reduced. 

Further, by the above-mentioned encryption algorithm 
conversion, encryption algorithms operated by plural users 
are capable of sharing the same encryption algorithm or 
that shared encryption algorithm can be changed to other 
encryption algorithm. 
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